https://community.cisco.com/t5/network-access-control/ise-and-switch-authentication-and-privilege-level/m-p/4444798#M568875 <P>Hello, thank you for your response. What if you need to provide privilege level 7 with full running configuration view -&gt; like this<BR />privilege exec level 7 show running-config view full<BR />Is there any option how could I set the atributes in ISE to do this?</P> Thu, 05 Aug 2021 12:47:33 GMT mexx03 2021-08-05T12:47:33Z https://community.cisco.com/t5/network-access-control/ise-and-switch-authentication-and-privilege-level/m-p/1818727#M203962 <P style="margin: 0cm; margin-bottom: .0001pt;">Hi Guys,</P><P></P><P></P><P style="margin: 0cm; margin-bottom: .0001pt;">I'm working on an eval on vmware. I have got everything working for wlan authentication and I’m working on shell authentication for switches. On the ACS you have the possibility to give the user privilege level on the switch. You can do this with shell profiles in ACS. </P><P></P><P style="margin: 0cm; margin-bottom: .0001pt;">Is there a way to get this done in ISE? I was thinking to make a result policy elements but I can't find a shell profile or privilege attributes like in ACS. </P><P>For the record, switch authentication is working with Active Directory. I only need to know how to give the right return attribute.</P><P></P><P style="margin: 0cm; margin-bottom: .0001pt;">I appreciate any help!</P><P></P><P></P><P></P><P style="margin: 0cm; margin-bottom: .0001pt;">Sander</P> Mon, 11 Mar 2019 01:48:10 GMT https://community.cisco.com/t5/network-access-control/ise-and-switch-authentication-and-privilege-level/m-p/1818727#M203962 S M85 2019-03-11T01:48:10Z https://community.cisco.com/t5/network-access-control/ise-and-switch-authentication-and-privilege-level/m-p/1818728#M203963 <HTML><HEAD></HEAD><BODY><P>ISE (as of now) doesnt support TACACS+ ; hence you will not be able to do shell profiles/priv. commands. </P></BODY></HTML> Fri, 28 Sep 2012 03:25:13 GMT https://community.cisco.com/t5/network-access-control/ise-and-switch-authentication-and-privilege-level/m-p/1818728#M203963 tsmarcyes 2012-09-28T03:25:13Z https://community.cisco.com/t5/network-access-control/ise-and-switch-authentication-and-privilege-level/m-p/1818729#M203964 <HTML><HEAD></HEAD><BODY><P>@Sander, </P><P></P><P>You were in the right area.&nbsp; </P><P></P><P>Policy-&gt;Results-&gt;Authorization-&gt;Authorization Profiles.</P><P></P><P>Create AuthZ profile for Access-Accept and Under the Advanced Attributes Settings you can use:</P><P></P><P style="padding-left: 30px;">Cisco:cisco-av-pair = shell:priv-lvl=15</P><P></P><P style="padding-left: 30px;">or whatever privilege level you want to assign.</P><P></P><P>On your AuthZ rule, match the conditions and apply the created profile.</P></BODY></HTML> Fri, 12 Oct 2012 19:40:56 GMT https://community.cisco.com/t5/network-access-control/ise-and-switch-authentication-and-privilege-level/m-p/1818729#M203964 john.steiner 2012-10-12T19:40:56Z https://community.cisco.com/t5/network-access-control/ise-and-switch-authentication-and-privilege-level/m-p/1818730#M203965 <P>I've tested this recently:</P><H2><A href="http://ltlnetworker.wordpress.com/2014/08/31/using-cisco-ise-as-a-generic-radius-server/" rel="bookmark">Using Cisco ISE as a generic RADIUS&nbsp;server</A></H2> Sun, 31 Aug 2014 11:48:41 GMT https://community.cisco.com/t5/network-access-control/ise-and-switch-authentication-and-privilege-level/m-p/1818730#M203965 Peter Koltl 2014-08-31T11:48:41Z https://community.cisco.com/t5/network-access-control/ise-and-switch-authentication-and-privilege-level/m-p/4444798#M568875 <P>Hello, thank you for your response. What if you need to provide privilege level 7 with full running configuration view -&gt; like this<BR />privilege exec level 7 show running-config view full<BR />Is there any option how could I set the atributes in ISE to do this?</P> Thu, 05 Aug 2021 12:47:33 GMT https://community.cisco.com/t5/network-access-control/ise-and-switch-authentication-and-privilege-level/m-p/4444798#M568875 mexx03 2021-08-05T12:47:33Z https://community.cisco.com/t5/network-access-control/ise-and-switch-authentication-and-privilege-level/m-p/4444800#M568876 <P><SPAN>Hello, thank you for your response. What if you need to provide privilege level 7 with full running configuration view -&gt; like this</SPAN><BR /><SPAN>privilege exec level 7 show running-config view full</SPAN><BR /><SPAN>Is there any option how could I set the atributes in ISE to do this?</SPAN></P> Thu, 05 Aug 2021 12:48:12 GMT https://community.cisco.com/t5/network-access-control/ise-and-switch-authentication-and-privilege-level/m-p/4444800#M568876 mexx03 2021-08-05T12:48:12Z https://community.cisco.com/t5/network-access-control/ise-and-switch-authentication-and-privilege-level/m-p/4444843#M568878 <P>You really should use TACACS+ for this...</P> Thu, 05 Aug 2021 13:38:48 GMT https://community.cisco.com/t5/network-access-control/ise-and-switch-authentication-and-privilege-level/m-p/4444843#M568878 rschlayer 2021-08-05T13:38:48Z https://community.cisco.com/t5/network-access-control/ise-and-switch-authentication-and-privilege-level/m-p/4445274#M568884 <P>If you're defining privilege level 7 and providing the necessary commands on the switch, you can then provide the admin with privilege level 7 by returning a Shell Profile with the Default privilege level 7.</P> <P>See the <A href="https://community.cisco.com/t5/security-documents/cisco-ise-device-administration-prescriptive-deployment-guide/ta-p/3738365#toc-hId--919282975" target="_blank" rel="noopener">Cisco ISE Device Administration Prescriptive Deployment Guide</A>&nbsp; for more details.</P> Thu, 05 Aug 2021 22:42:04 GMT https://community.cisco.com/t5/network-access-control/ise-and-switch-authentication-and-privilege-level/m-p/4445274#M568884 Greg Gibbs 2021-08-05T22:42:04Z