Cisco Support Community

New Member

exec authorization with radius..

Hi guys, I was configuring auth-proxy. I had a

m/c---(inside)router(outside)---internet

Now I want that a normal user is not able to get telnet access to my router; only certain users can have telnet access from the inside. I don't want to use NAR. I want to do this only with RADIUS authorization.

I was looking at controlling the access of the users to the router with the help of RADIUS,

aaa authorization exec default group tacacs+

When I use the above command I know that I can control the shell access by checking the shell box, but when I use the below command

aaa authorization exec default group radius

I was not able to find any particular RADIUS av-pair which can control the exec shell access the way the above one does.

4 REPLIES
Cisco Employee

Re: exec authorization with radius..

The following is the av-pair for privilege level 15:

shell:priv-lvl=15

In addition, also select attribute 6:

Service-type = login

~Rohit

New Member

Re: exec authorization with radius..

Hi Rohit, I am looking to deny a specific user from getting the exec shell of my router with RADIUS authorization. The above attributes will assign a user priv level 15.

Cisco Employee

Re: exec authorization with radius..

So do not assign any privilege level to the user, or assign privilege level 0.

~Rohit

Re: exec authorization with radius..

Hi,

Make use of this:

shell:priv-lvl=15

shell:autocmd=exit

So what will happen with this is, as soon as the user tries to log into the shell, BOOM!, the user will exit out.

NOTE: I have not tried this exactly, but it should work. You might be required to use a separator, ";", i.e.,

shell:priv-lvl=15;

shell:autocmd=exit

Regards,

Prem
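
An added example, not part of the thread: a small audit that lists which users a RADIUS server hands the `Service-Type`, `shell:priv-lvl` and `shell:autocmd` attributes discussed above. It assumes FreeRADIUS `users` file syntax (the thread does not name the server); the user names, passwords and function names are constructed for illustration.

```python
import re

# Constructed sample in FreeRADIUS "users" syntax (assumed server; names made up).
SAMPLE_USERS = '''\
netadmin   Cleartext-Password := "example-only"
    Service-Type = Login-User,
    Cisco-AVPair = "shell:priv-lvl=15"
helpdesk   Cleartext-Password := "example-only"
    Service-Type = Login-User,
    Cisco-AVPair = "shell:priv-lvl=0"
kiosk      Cleartext-Password := "example-only"
    Service-Type = Login-User,
    Cisco-AVPair = "shell:priv-lvl=15",
    Cisco-AVPair += "shell:autocmd=exit"
proxyuser  Cleartext-Password := "example-only"
    Cisco-AVPair = "auth-proxy:priv-lvl=15"
'''

# attribute, operator, then a quoted or bare value
ATTR = re.compile(r'([\w-]+)\s*(?::=|\+=|==|=)\s*("[^"]*"|[^,\s]+)')

def parse_users(text):
    """Return {user: [(attribute, value), ...]} holding reply items only."""
    users, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():      # unindented line starts a new entry
            current = line.split()[0]
            users[current] = []
        elif current is not None:      # indented lines are reply items
            users[current] += [(a, v.strip('"')) for a, v in ATTR.findall(line)]
    return users

def exec_profile(reply):
    """Pull out the exec-related attributes named in the thread."""
    shell = {}
    for attr, value in reply:
        if attr == "Cisco-AVPair" and value.startswith("shell:"):
            key, _, val = value[len("shell:"):].partition("=")
            shell[key] = val
    return {
        "service_type": dict(reply).get("Service-Type"),
        "priv_lvl": int(shell["priv-lvl"]) if "priv-lvl" in shell else None,
        "autocmd": shell.get("autocmd"),
    }

def audit(text):
    return {user: exec_profile(r) for user, r in parse_users(text).items()}
```

Calling `audit(SAMPLE_USERS)` returns one profile per user, so entries that grant `priv_lvl` 15 without an `autocmd` stand out, and `auth-proxy:` pairs are not mistaken for shell privileges.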
