08-12-2015 06:51 AM
Hi,
I have configured aaa authentication for Cisco 1905 with Steel Belted Radius Server (Juniper) .
2 users are created - test1 for write access and test2 for read access.
SBR returns the right attribute for write and read access respectively.
But the write access and read access works as follows:
Write access
username : xxxxx
Password: xxxxx
Router#
priv level is 15
Read access:
username : xxxxx
password : xxxxx
Router >
Priv level is 1.
If en entered , it will ask for enable pw ; if user has en pw ; he will get privilege level 15.
Desired output is Router >en
% Auth failed% (It should not allow to enter the enable password).
If enable pw is disabled ;
Router >en
Router#
Cisco TAC says this is the normal behaviour.
But with TACACS server, user is not able to enter conf t or en.
Please suggest.
Regards
Nimmi MP
08-25-2015 03:05 AM
Hi, Nimmi,
have you created these users in SBR as a Native Users? how do you granded privileges level to users?.. through Profiles in SBR?
10-01-2015 03:52 AM
Hi Vadim,
This is resolved when privilege access is configured .
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide