Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

RSA RADIUS AAA Works, but no EXEC mode

I have set up my RSA RADIUS server to authenticate logins to my Cisco device(s). And, I have managed to limit which users can login (by assigning them to a Group in RSA and then Activating that group on the router Agent Host). Works fine.

The last thing I'd like to get is for the authenticated user to go directly to EXEC mode (enabled). Right now the user has to do "en" and enter the enable password/secret.

Anybody know how to do this? Thanx in advance.

Paul

3 REPLIES
Silver

Re: RSA RADIUS AAA Works, but no EXEC mode

line vty 0 4

privilege level 15

Here is an example:

[root@Linux root]# telnet 192.168.0.5

Trying 192.168.0.5...

Connected to 192.168.0.5 (192.168.0.5).

Escape character is '^]'.

C

*****************

User Access Verification

Username: test3

Password:

Enter your new PIN, containing 4 to 8 digits,

or

to cancel the New PIN procedure:

Please re-enter new PIN:

Wait for the code on your card to change, then log in with the new PIN

Enter PASSCODE:

C2960#

CCIE Security

Re: RSA RADIUS AAA Works, but no EXEC mode

Just adding the "privilege level 15" to the line? OK, I'll give it a go. Thanx! (I'll rate if it works...;^)

Paul

Re: RSA RADIUS AAA Works, but no EXEC mode

Works like a champ, thanx. I rated the post but I can't figure out how to mark the answer/thread as "this solved my problem." Any idea how?

Thanx again.

Paul

226
Views
10
Helpful
3
Replies