
Cisco Works Radius AAA Cisco Secure

We are trying to use Cisco Secure to AAA our CW users. I have successfully authenticated, but am trying to figure out the following:

· We have confirmed that CW can Authenticate to the Cisco Secure server.

· When the user authenticates using their ID, they are automatically given the lowest (Help Desk) permissions.

1. How do we assign the different Cisco Works levels of Authorization to the NDS user IDs? The following canned permission groups exist:

i. System

ii. Admin

iii. Network Admin

iv. Network Operator

v. Approver

vi. Help Desk

2. Also, the different users have certain properties unique to them as provided for in Cisco Works. We need to figure out how to assign these properties to the users and pass them to Cisco Works when they log in to that resource. They are:

i. Email Address

ii. CCO Login

iii. CCO Password

Any assistance is greatly appreciated.

James Amann


Re: Cisco Works Radius AAA Cisco Secure

After you select and configure a login module, all authentication transactions are performed by that source. The CW2000 Server still determines user roles; therefore, all users must be in the local database of user IDs and passwords. Users who are authenticated by an alternative service and who are not in the local database are assigned to the same role as the guest user (by default, the Help Desk role). To assign a user to a different role, such as the System Admin role, you must configure the user locally. Such users must have the same user ID locally as they have in the alternative authentication source. Users log in with the user ID and password associated with the current login module.

Fallback Options:

If the alternative authentication service fails, you can specify that authentication fall back to CW2000 Local. It is recommended that you have at least one local CW2000 user with system administrator privileges as a fall-back login so you won't be locked out of system administration tasks should the authentication service fail.
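
The role-resolution rule described in the reply above can be checked offline before switching login modules. The following is an added example, not part of the original reply and not Cisco code: the user lists are constructed sample data, the function names are hypothetical, and exact string matching of user IDs is an assumption.

```python
# Constructed sample data: not exported from any real CiscoWorks or Cisco Secure server.
EXTERNAL_USERS = {"jamann", "bsmith", "noc1"}   # IDs known to the external login module
LOCAL_ROLES = {                                  # local CW2000 user ID -> assigned roles
    "admin": {"System Admin"},
    "jamann": {"Network Admin", "Approver"},
    "olduser": {"Network Operator"},
}
DEFAULT_ROLE = "Help Desk"    # guest role given to users with no local entry
ADMIN_ROLE = "System Admin"   # role needed by the fall-back login


def effective_roles(user_id, local_roles):
    """Roles after external authentication: the local entry with the
    same user ID (assumed exact match), otherwise the guest default."""
    return set(local_roles.get(user_id, {DEFAULT_ROLE}))


def audit(external_users, local_roles):
    """Compare the external source with the local role database."""
    # Externally valid users who will silently land in the default role.
    defaulted = sorted(u for u in external_users if u not in local_roles)
    # Local accounts with no external counterpart: only usable when
    # authentication falls back to CW2000 Local, so review their roles.
    local_only = sorted(u for u in local_roles if u not in external_users)
    # Local accounts able to administer the server during a fallback.
    fallback_admins = sorted(
        u for u, roles in local_roles.items() if ADMIN_ROLE in roles
    )
    return {
        "defaulted_to_help_desk": defaulted,
        "local_only_accounts": local_only,
        "fallback_admins": fallback_admins,
        "lockout_risk": not fallback_admins,
    }


if __name__ == "__main__":
    for key, value in audit(EXTERNAL_USERS, LOCAL_ROLES).items():
        print(f"{key}: {value}")
```
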