CLI login: define values to returned in switches configuration in place of modules configuration

[nqb]

Is your feature request related to a problem? Please describe. Sometimes you want PacketFence to grant CLI access to network devices with an access level between read and write like a read access with some additional commands.

If you want to offer read, write and several custom access on same switch, it's not possible.

Describe the solution you'd like We should have a way to map admin roles to RADIUS values directly in Switches or Switch groups exactly like we do for Roles (using Roles tab)

Example (on a Admin roles tab on a Switch or Switch group):

read_only_AdminRole=3
monitoring_AdminRole=5
write_AdminRole=15

On the backend, PacketFence will use one CLI RADIUS attribute defined in switch module and substitute values.

So if you get a "monitoring" admin role and you're trying to reach a Cisco Switch, PacketFence will return:

RADIUS Access-Accept
Cisco-AVPair = 'shell:priv-lvl=5';
Reply-Message = "Switch access granted by PacketFence";

Additional context This solution should simplify the way we handle read and write access for switches.

[bjbaerken]

Here is an idea how you can do this: a. make a switch group and assign the switches to it. b. make in a Authentication Source a Administration Rule b. go to: advanched -> filter engines -> RADIUS Filters