Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started.

Radius privil-lvl AV PAIR

Hi. I have been looking for hours for the answer. I have posted here in desperation.

I have a remote access policy configured in windows IAS for radius authentication to send a cisco AV pair attribute to the authenticating client. The string value is "shell:priv-lvl=15". At the moment this attribute does not take effect when logging in through the console, but does when connecting by telnet.

I have attached the config.

I would prefer not to use tacacs+, So if there is anyway to get this to work please help :)

  • AAA Identity and NAC
1 ACCEPTED SOLUTION

Accepted Solutions

Re: Radius privil-lvl AV PAIR

Matthew,

By default authorization is disabled on console. So to make it work you need to issue this hidden command,

aaa authorization console

Regards,

~JG

Do rate helpful posts

3 REPLIES

Re: Radius privil-lvl AV PAIR

Your console config is blank. Is that correct or did you remove it for posting?

Re: Radius privil-lvl AV PAIR

Matthew,

By default authorization is disabled on console. So to make it work you need to issue this hidden command,

aaa authorization console

Regards,

~JG

Do rate helpful posts

Re: Radius privil-lvl AV PAIR

Arg! it IS hidden! That is diabolical!

But it works. Thankyou 100x kind sir.

114
Views
5
Helpful
3
Replies