Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

aaa console telnet via radius

Using this configuration to radius control console and telnet access :aaa authentication login default group Sts-radius local

aaa authorization exec default group Sts-radius local

aaa accounting exec default start-stop group Sts-radius

In wlse I've configured :

diagonale@Sts-radius:aaa-server user

aaa-server user diagonale password <encrypted>

aaa-server user xxx password <encrypted>

attributes =

cisco-avpair = shell:priv-lvl=15

service-type = login

The resultat:

user fr231662 can log via console or telnet as required.

user diagonale cannot connect via telnet as required, but CAN connect via console.

I wish to NOT allow diagonale to connect via console.

How can I do that ??

Thanks

1 REPLY

Re: aaa console telnet via radius

Hello,

what does the configuration of con 0 look like ? In order for RADIUS (or the local database as the backup) to authenticate console access, the config should be (here, a specific list named CONSOLE is used, in order to distinguish that this is for console access):

aaa authentication login CONSOLE group Sts-radius local

!

line con 0

password cisco

login authentication CONSOLE

Regards,

GNT

321
Views
4
Helpful
1
Replies
CreatePlease to create content