I configure my cisco devices by
aaa new model
aaa authentication login group radiussrv local
config radiussrv group all is OK
but all users authenticated by radius have access to shell. but i need to give cisco shell access only to one group in AD... other groups are used to easyvpn xauth
how to separate them?