05-21-2014 01:23 PM - edited 03-10-2019 09:44 PM
I've got RADIUS authentication working on my switch, but I'm trying to allow two types of users to log in using Windows Active Directory: NetworkUsers, who can view configuration, and NetworkAdmins, who can do anything. I would like NetworkAdmins to go directly into privilege level 15 when they log in, but I can't get that part to work. Here is my setup:
Windows 2008 R2 Domain controller with NPS installed.
RADIUS client: I have the IP of the switch along with the key. I have Cisco selected under the vendor name in the Advanced tab.
Network Policies:
NetworkAdmins, which has the networkadmin group under Conditions. Under Settings I have nothing listed under Standard, and for Vendor Specific I have:
Cisco-AV-Pair Cisco shell:priv-lvl=15
My switch config:
aaa new-model
!
!
aaa group server radius MTFAAA
 server name dc-01
 server name dc-02
!
aaa authentication login NetworkAdmins group MTFAAA local
aaa authorization exec NetworkAdmins group MTFAAA local
radius server dc-01
 address ipv4 10.0.1.10 auth-port 1645 acct-port 1646
 key 7 ******
!
radius server dc-02
 address ipv4 10.0.1.11 auth-port 1645 acct-port 1646
 key 7 ******
!
No matter what I do, it doesn't default to privilege level 15 when I log in. Any thoughts?
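
A check that applies to configs like the one above, added here as an example and not part of the original post: on IOS, a named AAA method list (anything other than `default`) takes effect only on lines that reference it with `login authentication <list>` or `authorization exec <list>`. The function names are hypothetical, and the `line vty` stanzas in the sample are constructed, since the post does not show its line configuration.

```python
import re

# Constructed sample: the AAA lines from the post plus hypothetical
# "line vty" stanzas (the post does not show its line configuration).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login NetworkAdmins group MTFAAA local
aaa authorization exec NetworkAdmins group MTFAAA local
line vty 0 4
 login authentication NetworkAdmins
line vty 5 15
 transport input ssh
"""

AAA_RE = re.compile(r"^aaa (authentication login|authorization exec) (\S+) ")
# Line sub-commands that bind a method list of each service to a line.
BIND = {"authentication login": "login authentication ",
        "authorization exec": "authorization exec "}


def parse_lines(config):
    """Return {line header: [sub-commands]} for each 'line ...' stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = stanzas.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any other top-level command ends the stanza
    return stanzas


def audit_method_lists(config):
    """List (line, service, list name) where a named list is not applied."""
    defined = [m.groups() for m in map(AAA_RE.match, config.splitlines()) if m]
    findings = []
    for header, cmds in parse_lines(config).items():
        for service, name in defined:
            if name == "default":
                continue  # the default list applies without a line command
            if BIND[service] + name not in cmds:
                findings.append((header, service, name))
    return findings


if __name__ == "__main__":
    for header, service, name in audit_method_lists(SAMPLE_CONFIG):
        print(f"{header}: '{service}' list {name} is not applied")
```

A line that binds the login list but not the exec list authenticates against RADIUS yet never requests exec authorization, so the `shell:priv-lvl` value returned by the server is not used on that line.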
05-21-2014 03:04 PM