Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Read only , and read write authorization from acs/juniper radius

Hi all,

we have a large detabase of cisco routers and swithches , we want to have a radius authentication and athorizaion level set to read only and (rd , rw) for certain users.

ie for company employees read write access and for outside auditors/consultants read only access .

how do i do it with Radius on ACS and juniper/radius  .

Any links for cisco routers config will be highly appreciated.


Read only , and read write authorization from acs/juniper radius

I would recommend to use TACACS+ instead of RADIUS.

Depending on your network device, in ACS you can use "command authorization sets" (when using traditional IOS) or "shell profiles" (when using Cisco IOS XE, IOS XR, Cisco ACE, Juniper JunOS, etc).

For read only you can deny the "config terminal" command. For read write you can allow the "config terminal" command.

Here's an example of allowing/denying commands by using "command authorization sets".

PLease rate if it helps. Kind regards.