https://community.cisco.com/t5/network-security/controling-privilege-levels-on-pix-with-radius/m-p/71901#M679963 <HTML><HEAD></HEAD><BODY><P>Unlike the IOS on a router, there is no authorization or command authorization on the pix.</P><P></P><P>HTH</P><P>Jeff</P></BODY></HTML> Sun, 25 Nov 2001 02:16:16 GMT jekrauss 2001-11-25T02:16:16Z https://community.cisco.com/t5/network-security/controling-privilege-levels-on-pix-with-radius/m-p/71900#M679945 <P>We have a PIX 515 and we are trying to control privilege levels when our admins login to the console port or Telnet. we have the following config</P><P></P><P>aaa-server RADIUS (inside) host 192.168.x.x MySecretKey timeout 4</P><P>aaa authentication telnet console RADIUS</P><P>aaa authentication enable console RADIUS</P><P>aaa authentication serial console RADIUS</P><P></P><P>This allows us to have the Radius authenticate the access but once you have access you can go to Enable mode and all it does is prompt you for your Uid/pswd again.</P><P></P><P>My Radius server supports the Cisco AV Pairs so i tried adding in the users profil the attributes shell:priv-lvl=15 for admins.</P><P></P><P>I also tried adding the atribute Service-type=Login and Service-type=Administrative it still doesn't control the Enable mode access.</P><P></P><P>Any help or guidance would be appreciated.</P><P></P><P>Ronald.</P> Fri, 21 Feb 2020 05:55:02 GMT https://community.cisco.com/t5/network-security/controling-privilege-levels-on-pix-with-radius/m-p/71900#M679945 ronald_beaulieu 2020-02-21T05:55:02Z https://community.cisco.com/t5/network-security/controling-privilege-levels-on-pix-with-radius/m-p/71901#M679963 <HTML><HEAD></HEAD><BODY><P>Unlike the IOS on a router, there is no authorization or command authorization on the pix.</P><P></P><P>HTH</P><P>Jeff</P></BODY></HTML> Sun, 25 Nov 2001 02:16:16 GMT https://community.cisco.com/t5/network-security/controling-privilege-levels-on-pix-with-radius/m-p/71901#M679963 jekrauss 2001-11-25T02:16:16Z https://community.cisco.com/t5/network-security/controling-privilege-levels-on-pix-with-radius/m-p/71902#M679984 <HTML><HEAD></HEAD><BODY><P>Let me add just a clarifying comment. You can, of course, perform authorization THROUGH the PIX, just not authorization of users administering the pix - just authentication.</P></BODY></HTML> Sun, 25 Nov 2001 02:17:28 GMT https://community.cisco.com/t5/network-security/controling-privilege-levels-on-pix-with-radius/m-p/71902#M679984 jekrauss 2001-11-25T02:17:28Z