https://community.cisco.com/t5/network-access-control/how-do-i-create-a-non-administrative-radius-user/m-p/3839110#M547851 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/835623">@alemanetz</a>&nbsp;,</P><P>&nbsp;</P><P>Maybe this discussion of the community can help you:</P><P><A href="https://community.cisco.com/t5/firewalls/privilege-level-assignment-via-radius/td-p/2221818" target="_blank">https://community.cisco.com/t5/firewalls/privilege-level-assignment-via-radius/td-p/2221818</A></P><P>&nbsp;</P><P>Regards</P> Tue, 16 Apr 2019 00:10:33 GMT luis_cordova 2019-04-16T00:10:33Z https://community.cisco.com/t5/network-access-control/how-do-i-create-a-non-administrative-radius-user/m-p/3839074#M547849 <P>Hello, I have some Cisco 2960X switches in which I authenticate using RADIUS.</P><P>&nbsp;</P><P>I was wondering if there's a way to create a non-administrative user for them using a RADIUS server?</P><P>This user should only execute the following commands: <STRONG>show interface status</STRONG>, <STRONG>duplex &lt;mode&gt;, switchport</STRONG>, <STRONG>description</STRONG>,&nbsp;<STRONG>shutdown</STRONG>&nbsp;and <STRONG>no shutdown</STRONG>.</P><P>&nbsp;</P><P>Is this possible?</P> Fri, 21 Feb 2020 19:04:37 GMT https://community.cisco.com/t5/network-access-control/how-do-i-create-a-non-administrative-radius-user/m-p/3839074#M547849 alemanetz 2020-02-21T19:04:37Z https://community.cisco.com/t5/network-access-control/how-do-i-create-a-non-administrative-radius-user/m-p/3839110#M547851 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/835623">@alemanetz</a>&nbsp;,</P><P>&nbsp;</P><P>Maybe this discussion of the community can help you:</P><P><A href="https://community.cisco.com/t5/firewalls/privilege-level-assignment-via-radius/td-p/2221818" target="_blank">https://community.cisco.com/t5/firewalls/privilege-level-assignment-via-radius/td-p/2221818</A></P><P>&nbsp;</P><P>Regards</P> Tue, 16 Apr 2019 00:10:33 GMT https://community.cisco.com/t5/network-access-control/how-do-i-create-a-non-administrative-radius-user/m-p/3839110#M547851 luis_cordova 2019-04-16T00:10:33Z https://community.cisco.com/t5/network-access-control/how-do-i-create-a-non-administrative-radius-user/m-p/3839139#M547852 If the RADIUS server that you are using is ISE, then it is commonly done with TACACS. <BR /><BR />You create a shell profile for the device, a command set (limiting commands), and then an authentication and authorization rule that the user/switch matches. This is a good graphical guide showing an example. <BR /><A href="https://networkproguide.com/configure-cisco-ise-tacacs-server/" target="_blank">https://networkproguide.com/configure-cisco-ise-tacacs-server/</A><BR /><BR />If the RADIUS server you are using doesn't offer TACACS, it still possible to restrict authentication users from accessing config t, just a different guide. Tue, 16 Apr 2019 00:52:17 GMT https://community.cisco.com/t5/network-access-control/how-do-i-create-a-non-administrative-radius-user/m-p/3839139#M547852 Damien Miller 2019-04-16T00:52:17Z https://community.cisco.com/t5/network-access-control/how-do-i-create-a-non-administrative-radius-user/m-p/3839512#M547853 <P>Thanks for your answer!</P><P>&nbsp;</P><P>I'm using NPS as my RADIUS server. How would I go around this?</P> Tue, 16 Apr 2019 13:39:32 GMT https://community.cisco.com/t5/network-access-control/how-do-i-create-a-non-administrative-radius-user/m-p/3839512#M547853 alemanetz 2019-04-16T13:39:32Z