Using this configuration to radius control console and telnet access :aaa authentication login default group Sts-radius local

aaa authorization exec default group Sts-radius local

aaa accounting exec default start-stop group Sts-radius

In wlse I've configured :

diagonale@Sts-radius:aaa-server user

aaa-server user diagonale password <encrypted>

aaa-server user xxx password <encrypted>

attributes =

cisco-avpair = shell:priv-lvl=15

service-type = login

The resultat:

user fr231662 can log via console or telnet as required.

user diagonale cannot connect via telnet as required, but CAN connect via console.

I wish to NOT allow diagonale to connect via console.

How can I do that ??

Thanks