Radius authentication for privileged access

Unanswered Question
Sep 23rd, 2010
User Badges:


          I have configured Cisco 6513 for radius authentication with following commands.

aaa new-model
aaa authentication login authradius group radius line
aaa accounting exec acctradius start-stop group radius
radius-server host <radius-ip> auth-port 1812 acct-port 1646 key 6912911

line vty 0 4

accounting exec acctradius
login authentication authradius

     This is working pretty fine. I want to configure radius authentication for priviledged access / for enable access.

     I am using TeKRadius as Radius server.

     Please help.

Thanks and Regards,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
NickNac79 Thu, 09/23/2010 - 03:30
User Badges:
  • Bronze, 100 points or more

Hi Pratik,

Try adding:

aaa authentication enable default group radius enable


love4u.pratik Thu, 09/23/2010 - 03:47
User Badges:

Hi Nick,

          I tried that but its not working....


          It asks username password during login and then when I enter enable it asks for simply password, and any of the password will not work, not even the enable password or the radius password. Then i have to shutdown the radius server service to get the privileged access of the switch.



NickNac79 Thu, 09/23/2010 - 04:04
User Badges:
  • Bronze, 100 points or more

Hi Pratik

Sorry I mostly use only TACACS+ for AAA as it provides better granularity of access controls.

You'll need to make some specific changes to your RADIUS config so that nominated users ( the ones you want to be able to go to enable mode ) get put straight into enable mode upon login.

There's a guide here http://www.blindhog.net/cisco-aaa-login-authentication-with-radius-ms-ias/ which details the steps if you're using the Microsoft IAS radius server - you should be able to figure out that changes you need to make to your own server from there.


Message was edited by: NickNac79 - Spelt the OP's name wrong, sorry.


This Discussion

Related Content