Hi. I have been looking for hours for the answer. I have posted here in desperation.
I have a remote access policy configured in windows IAS for radius authentication to send a cisco AV pair attribute to the authenticating client. The string value is "shell:priv-lvl=15". At the moment this attribute does not take effect when logging in through the console, but does when connecting by telnet.
I have attached the config.
I would prefer not to use tacacs+, So if there is anyway to get this to work please help :)
By default authorization is disabled on console. So to make it work you need to issue this hidden command,
aaa authorization console
Do rate helpful posts