The ACE Security Configuration Guide has whole chapters on AAA, TACACS+, RADIUS, roles etc. See http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/security/guide/securgd.html
HI cathy ...I refered the docs earlier too and i did the following config from that.
radius-server host 10.41.168.16 key XXXXXXXX
radius-server host 10.41.168.16 auth-port 1812
radius-server host 10.41.168.16 acct-port 1813
radius-server host 10.41.168.16 authentication
radius-server host 10.41.168.16 accounting
aaa group server radius RadiusServers
aaa authentication login console group RadiusServers local none
aaa accounting default group RadiusServers local
The issue i am facing is ...i cant login to the config mode.
Its not authorising me to do config commands.How do i specify the option not use Radius server for command authorisation.
See the ACE Security Guide - Chapter 2. You need to set a CiscoAVPair. How you do this will depend on the RADIUS software that you are using. It sounds like you're being put into Network-Monitor role by default. Quote from the manual:
"The user profile attribute serves an important configuration function for a RADIUS server group. If the user profile attribute is not obtained from the server during authentication, or if the profile is obtained from the server but the context name(s) in the profile do not match the context in which the user is trying to log in, a default role (Network-Monitor) and a default domain (default-domain) are assigned to the user if the authentication is successful."
There are postings in this and other Cisco fora about exactly how to set these values (which depends on your RADIUS server implementation).