Hello All,
I've never had to configure Management Authentication for management access to the MAS Switches via RADIUS. So I wanted to confirm if I am on the right track as regards my thoughts towards configuring this.
So, based on the fact that they will be using RADIUS, will I have to build a Role for example for IT. Then an ACL giving them access to the Management VLAN (to manage the MAS Switches). Then configure the RADIUS Servers and associate them to a Server Group which will be applied to the "aaa authentication mgmt" Profile. Is this correct so far?
Secondly, can I use Server Derivation Policy associated to the Server Group configuration and can my Attribute from AD be "Class" which when successfully authenticated, assigns them to the Role I created.
Will this work for Management Authentication?
I know for User Authentication, this would be the norm but wanted to be sure about Management Authentication.
Look forward to your responses.