Posted on February 7, 2019 7:04 am
 |  Asked by William
 |  66 views
0
0
Print Friendly, PDF & Email

Has anyone used FreeRadius for authentication into your Arista devices? I am trying to find out how to configure freeradius for arista so that I can configure my switches to use it.

0
Posted by Tamas Plugor
Answered on February 8, 2019 2:00 am

The following should help:

1. You first have to create a dictionary file: dictionary.arista

# cat /usr/share/freeradius/dictionary.arista

VENDOR Arista 30065
BEGIN-VENDOR Arista ATTRIBUTE Arista-AVPair 1 string
ATTRIBUTE Arista-User-Priv-Level 2 integer
ATTRIBUTE Arista-User-Role 3 string
ATTRIBUTE Arista-CVP-Role 4 string
END-VENDOR Arista

2. if not already included, add that dictionary in /usr/share/freeradius/dictionary or /usr/share/freeradius//dictionary

$INCLUDE dictionary.arista

In newer version it might be there by default.

3. Add users to your users db in /etc/freeradius/users or /etc/freeradius//users

example:


tamas Cleartext-Password := "arista"
Auth-Type := Accept,
Service-Type := NAS-Prompt-User,
Arista-AVpair = "shell:priv-lvl=15",
Arista-AVpair += "shell:cvp-roles=network-admin"

4. add your clients to /etc/freeradius/clients.conf or /etc/freeradius//clients.conf


client lp300 {
ipaddr = 10.83.13.130
secret = arastra
}

To configure radius on EOS please refer to our config guide: https://www.arista.com/en/um-eos/eos-section-4-2-configuring-the-security-services#ww1152216

HTH,
Tamas

Post your Answer

You must be logged in to post an answer.