Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

CAT4006 & CAT6509 radius authorization

I setup a radius server to apply aaa on routers and switches.In routers, using local privilege and work well. In switches, it just gets into exec mode. When I set radius profile, just one 6509 can become enable prompt, others fail.I checked the version, 6509 for 6.4(4) worked, 6509 for 6.1 failed, 4006 for 5.5 failed. In http://www.cisco.com/en/US/tech/tk583/tk642/technologies_tech_note09186a0080094ea4.shtml#f, it said radius could exec authorization after 5.4. Why? Can anybody help? Thanks.

2 REPLIES
Bronze

Re: CAT4006 & CAT6509 radius authorization

Step F in the document has an interesting note. If the service-type is set for anything other than 6-administrative (for example, 1-login, 7-shell, or 2-framed), the user arrives at the switch exec prompt, but not the enable prompt. This is problem you seem to be running into. Set the Service-Type (RADIUS attribute 6) to Administrative.

New Member

Re: CAT4006 & CAT6509 radius authorization

Yes, I had read it hard. But when I set Service-type to 6, some switch works and some doesn't. I want to know the different between those.

Thanks for your reply!

137
Views
0
Helpful
2
Replies
CreatePlease to create content