ullasupendran Wed, 09/23/2009 - 09:49
User Badges:

HI cathy ...I refered the docs earlier too and i did the following config from that.

radius-server host key XXXXXXXX

radius-server host auth-port 1812

radius-server host acct-port 1813

radius-server host authentication

radius-server host accounting

aaa group server radius RadiusServers


aaa authentication login console group RadiusServers local none

aaa accounting default group RadiusServers local

The issue i am facing is ...i cant login to the config mode.

Its not authorising me to do config commands.How do i specify the option not use Radius server for command authorisation.


ciscocsoc Wed, 09/23/2009 - 23:06
User Badges:
  • Silver, 250 points or more


See the ACE Security Guide - Chapter 2. You need to set a CiscoAVPair. How you do this will depend on the RADIUS software that you are using. It sounds like you're being put into Network-Monitor role by default. Quote from the manual:

"The user profile attribute serves an important configuration function for a RADIUS server group. If the user profile attribute is not obtained from the server during authentication, or if the profile is obtained from the server but the context name(s) in the profile do not match the context in which the user is trying to log in, a default role (Network-Monitor) and a default domain (default-domain) are assigned to the user if the authentication is successful."

There are postings in this and other Cisco fora about exactly how to set these values (which depends on your RADIUS server implementation).




This Discussion