11-13-2006 12:53 AM - edited 03-10-2019 02:50 PM
I'm trying to assign a privilege level on a Cisco router via Radius. I'm using the Cisco Secure ACS (Windows 2K).
I have set the privilege level to 15. But when I telnet to the router, I always get the router> prompt instead of the router# prompt.
How can I configure the Radius/router so that when I get successfully authenticated, the router# prompt is shown?
I've configured the router as below:
aaa authentication login vtymethod group radius enable
aaa authorization exec vtymethod group radius local
radius-server host 202.x.x.195 auth-port 1645 acct-port 1646 key cisco
line vty 0 4
 authorization exec vtymethod
 login authentication vtymethod
!
On the Radius, I've configured as below:
In the group settings for IETF Radius attributes, the Service-Type is set to Nas Prompt.
Also in the group settings, I've checked the Cisco-av-pair with the following configured: shell:priv-lvl=15.
Is there something I'm missing?
Appreciate the help.
Thanks.
sweeann
11-13-2006 11:29 AM
I believe adding the following line to your AAA configuration will allow a user authenticated through ACS to log in directly to enabled mode:
aaa authorization exec vtymethod group radius if-authenticated
Hope this helps,
-d
11-13-2006 05:21 PM
Tried the suggestion above but I'm still getting the router> prompt instead of going directly to enable mode.
Thanks,
sweeann
11-13-2006 06:52 PM
Just an update:
I configured the network configuration in the ACS wrongly. I'd chosen Radius (IETF) instead of Radius (Cisco IOS/PIX). Once I changed it to Radius (Cisco IOS/PIX) I was able to assign the privilege level.
Thanks all,
sweeann
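The shell:priv-lvl=15 pair discussed in this thread travels as a Cisco vendor-specific attribute (RADIUS attribute 26, vendor ID 9, sub-type 1), separate from the IETF Service-Type attribute. The Python sketch below is an added example, not posted by anyone in the thread: it parses the attribute section of an Access-Accept and reports the privilege level it carries. The byte strings are constructed samples and the function names are hypothetical.

```python
import struct

SERVICE_TYPE = 6      # IETF Service-Type attribute (RFC 2865)
VENDOR_SPECIFIC = 26  # IETF Vendor-Specific attribute (RFC 2865)
CISCO_VENDOR_ID = 9   # Cisco's IANA enterprise number
CISCO_AVPAIR = 1      # Cisco vendor sub-type 1: cisco-av-pair


def encode_attr(attr_type, value):
    """Encode one attribute as type, length (header included), value."""
    return bytes([attr_type, len(value) + 2]) + value


def encode_cisco_avpair(text):
    """Wrap an av-pair string in attribute 26 / vendor 9 / sub-type 1."""
    sub = encode_attr(CISCO_AVPAIR, text.encode("ascii"))
    return encode_attr(VENDOR_SPECIFIC, struct.pack("!I", CISCO_VENDOR_ID) + sub)


def parse_attrs(data):
    """Yield (type, value) pairs; reject truncated or impossible lengths."""
    i = 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr_type, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad attribute length")
        yield attr_type, data[i + 2:i + length]
        i += length


def exec_privilege(data):
    """Return the shell:priv-lvl found in Cisco av-pairs, or None."""
    for attr_type, value in parse_attrs(data):
        if attr_type != VENDOR_SPECIFIC or len(value) < 6:
            continue
        if struct.unpack("!I", value[:4])[0] != CISCO_VENDOR_ID:
            continue
        # Vendor sub-attributes use the same type/length/value layout.
        for sub_type, sub_value in parse_attrs(value[4:]):
            text = sub_value.decode("ascii", "replace")
            if sub_type == CISCO_AVPAIR and text.startswith("shell:priv-lvl="):
                return int(text.split("=", 1)[1])
    return None


# Constructed samples: attribute sections of two Access-Accept replies.
nas_prompt = encode_attr(SERVICE_TYPE, struct.pack("!I", 7))  # 7 = NAS Prompt
ietf_only = nas_prompt                                        # no Cisco VSA
with_vsa = nas_prompt + encode_cisco_avpair("shell:priv-lvl=15")
```

A reply carrying only Service-Type gives `None`, so the router has no privilege level to apply; the reply with the vendor-specific attribute gives 15.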
11-14-2006 02:39 AM
Hi
I'm curious... what is the perceived benefit of using RADIUS instead of TACACS+?
Given that ACS supports both and that T+ is a superior protocol for device admin.
I once heard someone mutter that T+ was proprietary... but all they were doing was sending (effectively) T+ av-pairs via Cisco RADIUS VSAs. Not significantly different one could argue!