Using IAS radius for authentication

Andy White
Level 3

Hello,

I have managed to set up our routers so they use my Active Directory user account to log on. I followed these instructions:

http://www.blindhog.net/cisco-aaa-login-authentication-with-radius-ms-ias/

These instructions give me privilege 15. Does anyone know how I can give, say, privilege 4 to another user?

Thanks

4 Replies

Ganesh Hariharan
VIP Alumni

Hi,

Check out the below link for IAS radius configuration

http://www.tech-recipes.com/rx/1478/how-to-setup-ias-to-use-radius-to-authenticate-cisco-device/

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Thanks, I have followed that, and although I can log on it seems that I get Priv 15 for both.  Do I have to do anything on the routers to divide priv 1?  I logged in using a priv 1 account and I could rename the router and write to the startup config. I don't think a priv 1 user could do that?

Thanks

Try changing shell:priv-lvl=15 to shell:priv-lvl=1 and then check whether you are able to log in to your router with privilege 1 access or not!!

Hope to help !!

Ganesh.H

Remember to rate the helpful post

While you're logged in, do a "show priv". It will show you what your current privilege level is.

I don't know about IAS, but I use Steel Belted, and I can set up individual user accounts to be passed a certain privilege level. For example, if I have two users:

Bob: Priv 2

Mary: Priv 3

Supervisor: Priv 15

In their account on the radius server, I would set them up as individual accounts (or link them in AD), and then set their return attribute to shell:priv-lvl=2, 3, or 15 respectively for the user. Then when they log into the router, they'd be at that level.

You do have to set up your privilege levels on the router though. If you don't want "show run" to run at say privilege 3, then move "show run" to privilege 4. It's a beating, but it'll be worth it in the end.

HTH,

John
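
The router-side pieces discussed in this thread, as an added example that is not part of any poster's reply: exec authorization so the returned shell:priv-lvl value is applied, plus moving commands to the custom level. The server address, shared secret, level 4 and the commands chosen are assumptions for illustration.

```cisco
! Added example, not from the thread. Server address, key and the
! commands moved to level 4 are placeholders.
aaa new-model
!
! Authenticate logins against RADIUS, falling back to local accounts
aaa authentication login default group radius local
!
! Exec authorization is what makes IOS apply the shell:priv-lvl value
! returned by the RADIUS server when the exec session starts
aaa authorization exec default group radius local
!
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646 key <SHARED-SECRET>
!
! On the RADIUS server, each user's or group's policy returns the Cisco
! vendor-specific AV pair (vendor 9, attribute 1), for example:
!   shell:priv-lvl=4
!
! By default most commands sit at level 1 or level 15, so level 4 behaves
! like level 1 until commands are moved to it:
privilege exec level 4 clear counters
privilege exec level 4 show running-config
! Note: below level 15, "show running-config" only displays the parts of
! the configuration that the user's level is allowed to change.
!
! After logging in as the level-4 user, confirm the assigned level with:
!   show privilege
```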
