cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
516
Views
0
Helpful
3
Replies

MS IAS (radius) and authentication login

kir_mischenko
Level 1
Level 1

hello

I configure my cisco devices by

aaa new model

aaa authentication login group radiussrv local

config radiussrv group all is OK

but all users authenticated by radius have access to shell. but i need to give cisco shell access only to one group in AD... other groups are used to easyvpn xauth

how to separate them?

3 Replies 3

kaachary
Cisco Employee
Cisco Employee

Hi,

The required setting needs to be done on IAS.

On IOS, there's nothin much you can do.

HTH,

Kanishka

well i know this

can you help about it?

I have a strange situation - 2 ias policy one for admin group in AD, other for VPN users in AD... but the result is only authenticate or not... VPN users have acess to shell...

I am not if radius can do this but I am not an

expert with radius.

This can be done with freeware tacacs very

easily throught authorization. I've done it

many times myself.

David

CCIE Security

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: