Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1383
Views
0
Helpful
2
Replies

Controling privilege levels on PIX with Radius

ronald_beaulieu
Level 1
Level 1

‎11-22-2001 10:20 AM - edited ‎02-20-2020 09:55 PM

We have a PIX 515 and we are trying to control privilege levels when our admins login to the console port or Telnet. we have the following config

aaa-server RADIUS (inside) host 192.168.x.x MySecretKey timeout 4

aaa authentication telnet console RADIUS

aaa authentication enable console RADIUS

aaa authentication serial console RADIUS

This allows us to have the Radius authenticate the access but once you have access you can go to Enable mode and all it does is prompt you for your Uid/pswd again.

My Radius server supports the Cisco AV Pairs so i tried adding in the users profil the attributes shell:priv-lvl=15 for admins.

I also tried adding the atribute Service-type=Login and Service-type=Administrative it still doesn't control the Enable mode access.

Any help or guidance would be appreciated.

Ronald.

0 Helpful
2 Replies 2

jekrauss
Level 1
Level 1

‎11-24-2001 06:16 PM

Unlike the IOS on a router, there is no authorization or command authorization on the pix.

HTH

Jeff

0 Helpful

jekrauss
Level 1
Level 1
In response to jekrauss

‎11-24-2001 06:17 PM

Let me add just a clarifying comment. You can, of course, perform authorization THROUGH the PIX, just not authorization of users administering the pix - just authentication.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card