exec authorization with radius..

Unanswered Question
Sep 4th, 2007
User Badges:

Hi guys, i was configuring auth-proxy . i had a


now i want that a normal user is not able to get the telnet access of my router, only certain users can have the telnet access fromt the inside. i dont want to use NAR. i want to do this only with radius authorization.

i was looking for controlling the access of the users to the router with the help of radius,

aaa authorization exec default group tacacs+

when i use the above command i knw that i can control the shell access by checking shell box,but when i use the below command

aaa authorization exec default group radius

i was not able to find any particular radius av-pair which can control the exec shell access in respect to the above one.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
rochopra Wed, 09/05/2007 - 00:38
User Badges:
  • Cisco Employee,

Following is the av-pair for privilege level 15


In Addition also select attribute 6

Service-type = login


diptanshusingh Wed, 09/05/2007 - 00:57
User Badges:

Hi rohit, i am looking to deny a specific user from getting the exec shell of my router with radius authorization.. the above attributes will assign a user a priv level 15...

rochopra Thu, 09/06/2007 - 18:00
User Badges:
  • Cisco Employee,

So do not assign any privilege level to the user , or assign privilege level 0.


Premdeep Banga Sat, 09/08/2007 - 08:54
User Badges:
  • Gold, 750 points or more


Make use of this,



So what will happen with this is, as soon as user tries to log into shell, BOOM!, user will exit out.

NOTE: I have not tried this exactly, but should work, you might be required to use separator, ";" i.e.,






This Discussion