09-22-2009 02:49 PM
How do we enable AAA command authorization in the ACE module on 6500 switch.i dont find any aaa authorization commands in it .
Kind regards
Ullas
09-23-2009 12:11 AM
Hi Ullas,
The ACE Security Configuration Guide has whole chapters on AAA, TACACS+, RADIUS, roles etc. See http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/security/guide/securgd.html
HTH
Kind Regards
Cathy
09-23-2009 09:49 AM
HI cathy ...I refered the docs earlier too and i did the following config from that.
radius-server host 10.41.168.16 key XXXXXXXX
radius-server host 10.41.168.16 auth-port 1812
radius-server host 10.41.168.16 acct-port 1813
radius-server host 10.41.168.16 authentication
radius-server host 10.41.168.16 accounting
aaa group server radius RadiusServers
server 10.41.168.16
aaa authentication login console group RadiusServers local none
aaa accounting default group RadiusServers local
The issue i am facing is ...i cant login to the config mode.
Its not authorising me to do config commands.How do i specify the option not use Radius server for command authorisation.
Ullas
09-23-2009 11:06 PM
Hi,
See the ACE Security Guide - Chapter 2. You need to set a CiscoAVPair. How you do this will depend on the RADIUS software that you are using. It sounds like you're being put into Network-Monitor role by default. Quote from the manual:
"The user profile attribute serves an important configuration function for a RADIUS server group. If the user profile attribute is not obtained from the server during authentication, or if the profile is obtained from the server but the context name(s) in the profile do not match the context in which the user is trying to log in, a default role (Network-Monitor) and a default domain (default-domain) are assigned to the user if the authentication is successful."
There are postings in this and other Cisco fora about exactly how to set these values (which depends on your RADIUS server implementation).
HTH
Cathy
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: