Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
New Member

Radius authentication allow some of AD accounts not all of them

Hi everyone,

 

Can I use Radius authentication but allow parts of AD accounts to login device?

Or only few of user can access privilege level 15?

 

Configuration :

aaa authentication login default group radius local
aaa authentication enable default none
aaa authorization exec default if-authenticated
aaa accounting exec default stop-only group radius

 

Looking forward to your response guys.

 

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Radius authentication allow some of AD accounts not all of them

If you use ISE, your Authorization policy could be to allow users from a certain AD groups (say Admins) to access network devices. Even though it authenticates all users on AD, the Authorization can restrict users based on your requirements.
2 REPLIES

Re: Radius authentication allow some of AD accounts not all of them

If you use ISE, your Authorization policy could be to allow users from a certain AD groups (say Admins) to access network devices. Even though it authenticates all users on AD, the Authorization can restrict users based on your requirements.
Silver

Re: Radius authentication allow some of AD accounts not all of them

449
Views
0
Helpful
2
Replies
CreatePlease to create content