RSA RADIUS AAA Works, but no EXEC mode

Unanswered Question
Jan 4th, 2008
User Badges:
  • Bronze, 100 points or more

I have set up my RSA RADIUS server to authenticate logins to my Cisco device(s). And, I have managed to limit which users can login (by assigning them to a Group in RSA and then Activating that group on the router Agent Host). Works fine.

The last thing I'd like to get is for the authenticated user to go directly to EXEC mode (enabled). Right now the user has to do "en" and enter the enable password/secret.

Anybody know how to do this? Thanx in advance.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
cisco24x7 Fri, 01/04/2008 - 12:10
User Badges:
  • Silver, 250 points or more

line vty 0 4

privilege level 15

Here is an example:

[[email protected] root]# telnet


Connected to (

Escape character is '^]'.



User Access Verification

Username: test3


Enter your new PIN, containing 4 to 8 digits,


to cancel the New PIN procedure:

Please re-enter new PIN:

Wait for the code on your card to change, then log in with the new PIN



CCIE Security

PAUL TRIVINO Fri, 01/04/2008 - 12:14
User Badges:
  • Bronze, 100 points or more

Just adding the "privilege level 15" to the line? OK, I'll give it a go. Thanx! (I'll rate if it works...;^)


PAUL TRIVINO Fri, 01/04/2008 - 14:36
User Badges:
  • Bronze, 100 points or more

Works like a champ, thanx. I rated the post but I can't figure out how to mark the answer/thread as "this solved my problem." Any idea how?

Thanx again.



This Discussion