AAA authentication / Radius-Servers

Aug 14th, 2012

Hello Cisco folks,


Have a technical question I would like to ask. I'm able to set up my 3750e switch to log in through a RADIUS server with my company user ID and password, but I would like to be able to set it up so that when I log in it drops me at the enable prompt. Right now I have to type >en.

Then the enable password. Thanks in advance.


Paul

Ramraj Sivagnan... Wed, 08/22/2012 - 23:59

Hi Bro

Yes, this can be achieved in Cisco IOS devices but not in Cisco ASA. In Cisco ASA, you still have to type the "enable" command.


Just ensure you have the configuration shown below, and all should be good:


!
enable password cisco
!
aaa new-model
!

aaa authentication login VTY group radius local
aaa authentication login CONSOLE local
aaa authentication enable default group radius enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec VTY group radius local
!
username ram privilege 15 password 0 cisco
username cisco privilege 7 password 0 cisco
!
interface FastEthernet0/0
 ip address 10.0.0.2 255.255.255.0

!
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!

ip radius source-interface FastEthernet0/0
!
radius-server host 10.0.0.100 auth-port 1645 acct-port 1646 key cisco
!

privilege interface level 7 shutdown
privilege interface level 7 ip address
privilege interface level 7 ip
privilege interface level 7 no shutdown
privilege interface level 7 no ip address
privilege interface level 7 no ip
privilege interface level 7 no
privilege configure level 7 interface
privilege configure level 7 shutdown
privilege configure level 7 ip
privilege configure level 7 no interface
privilege configure level 7 no shutdown
privilege configure level 7 no ip
privilege configure level 0 no
privilege exec level 7 configure terminal
privilege exec level 7 configure
privilege exec level 7 undebug ip rip
privilege exec level 7 undebug ip
privilege exec level 7 undebug all
privilege exec level 7 undebug
privilege exec level 7 debug ip rip
privilege exec level 7 debug ip
privilege exec level 7 debug all
privilege exec level 7 debug
!
line con 0
 authorization exec VTY
 login authentication VTY
line aux 0
line vty 0 4
 authorization exec VTY
 login authentication VTY
!

end



Note: Ensure your user ID in your Radius server has the correct av-pair parameters shell:priv-lvl=15

P/S: if you think this comment is helpful, please do rate it nicely :-)
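
An added example (not part of the reply above, and not Cisco tooling): a small Python check that reads an IOS configuration like the one posted and reports, per line, whether exec authorization consults RADIUS, which is what lets the shell:priv-lvl=15 av-pair place the user at the enable prompt. It also lists commands that keep a secret in cleartext or reversible form. The function name audit and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: AAA-relevant lines copied from the configuration in the answer above.
SAMPLE = """\
enable password cisco
aaa new-model
aaa authorization console
aaa authorization exec VTY group radius local
username ram privilege 15 password 0 cisco
radius-server host 10.0.0.100 auth-port 1645 acct-port 1646 key cisco
line con 0
authorization exec VTY
line aux 0
line vty 0 4
authorization exec VTY
"""

WEAK = re.compile(r"^enable password |^username \S+ .*password 0 |^radius-server .* key \S+$")

def audit(config):
    """Return ({line: RADIUS priv-lvl applied?}, [findings]) for an IOS config."""
    exec_lists, line_list, findings = {}, {}, []
    console_authz, current = False, None
    for text in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"aaa authorization exec (\S+) (.+)", text):
            exec_lists[m.group(1)] = m.group(2)
        elif text == "aaa authorization console":
            console_authz = True
        elif re.match(r"line (con|aux|vty) ", text):
            current = text
            line_list[current] = "default"  # no explicit list: IOS uses "default"
        elif current and (m := re.match(r"authorization exec (\S+)", text)):
            line_list[current] = m.group(1)
        if WEAK.search(text):
            # Report the command without its last token so the secret is not echoed.
            findings.append("cleartext or reversible secret: " + text.rsplit(" ", 1)[0])
    applied = {}
    for line, name in line_list.items():
        uses_radius = "group radius" in exec_lists.get(name, "")
        # Exec authorization on the console only runs with "aaa authorization console".
        if line.startswith("line con") and not console_authz:
            uses_radius = False
        applied[line] = uses_radius
    return applied, findings

if __name__ == "__main__":
    applied, findings = audit(SAMPLE)
    for line, ok in applied.items():
        print(f"{line}: priv-lvl from RADIUS {'applied' if ok else 'NOT applied'}")
    print(*findings, sep="\n")
```

A line reported as NOT applied leaves the user at the default privilege level after login, so "enable" is still required there.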
