Re: aaa configuration with Radius

Raghavendra.P · ‎02-28-2018

Hi All,

I have a problem in AAA configuration on switch Cisco 3560 the IOS is C3560-ADVIPSERVICESK9-M, Version 12.2(25)SE.

The AAA configuration is working fine with Radius but after Authenticating the switch is login and entering in enable mode instead of entering in privilege mode.

When providing the Enable it asking for enable password then entering to privilege mode.

Can any help me to configure which should not ask for enable password which should directly enter in privilege mode

Presently AAA configuration on switch is as below.

aaa new-model
aaa authentication login default group radius local
aaa authentication login NOAUTH none
aaa accounting exec default start-stop group radius
aaa accounting connection default start-stop group radius
!
aaa session-id common

radius-server host X.X.2.100 auth-port 1645 acct-port 1646 key 7 ABCD
radius-server source-ports 1645-1646
radius-server timeout 2
radius-server key 7 ABCD

johnd2310 · ‎02-28-2018

,

What is the configuration on the Radius server?

Thanks

John

**Please rate posts you find helpful**

Philip D'Ath · ‎02-28-2018

Try adding something like:

aaa authorization exec default group radius

Jatin Katyal · ‎02-28-2018

In addition to what Philip suggested, ensure that you are pushing attribute -

Service-Type = Administrative in the authorization profile. Please refer the attached screen shot.

~Jatin

Mohammed al Baqari · ‎02-28-2018

line vty 0 15
privilege level 15

Or configure aaa authentication login default group tacacs , aaa
authentication enable default group tacacs along with your exec
authorization command. Then in radius server configure Shell(Exec) level to
15