We use IAS for all our AAA authentication on all of our Cisco devices. All works great. We also want to be able to log on to the http-server on all the Catalyst switches through AAA, but the web logon requires priv-level 15.
I have checked the Cisco website and this forum but only found instructions using TACACS+ and secure Cisco NT server.
I tried the Cisco-AV-pair value shell:priv-lel=15, with service type Login or NAS-Prompt. Nothing works.
Here is the event log message:
Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 5/12/2004
Time: 12:10:07 PM
User: N/A
Computer: XXXXXX
Description:
User XXXX was denied access.
Fully-Qualified-User-Name = XXXXX.com/XXX - IT/DXXXX WXXXX
NAS-IP-Address = 172.16.1.201
NAS-Identifier = <not present>
Called-Station-Identifier = <not present>
Calling-Station-Identifier = 172.16.2.106
Client-Friendly-Name = XXXMV3524
Client-IP-Address = 172.16.1.201
NAS-Port-Type = Virtual
NAS-Port = 1
Policy-Name = privilege level 15 access to Cisco
Authentication-Type = PAP
EAP-Type = <undetermined>
Reason-Code = 66
Reason = The user attempted to use an unauthorized authentication method.
Thanks!