09-04-2007 09:16 PM - edited 03-10-2019 03:22 PM
Hi guys, I was configuring auth-proxy. I had a
m/c---(inside)router(outside)---internet
Now I want that a normal user is not able to get the telnet access of my router; only certain users can have the telnet access from the inside. I don't want to use NAR. I want to do this only with RADIUS authorization.
I was looking for controlling the access of the users to the router with the help of RADIUS,
aaa authorization exec default group tacacs+
When I use the above command I know that I can control the shell access by checking the shell box, but when I use the below command
aaa authorization exec default group radius
I was not able to find any particular RADIUS av-pair which can control the exec shell access in respect to the above one.
09-05-2007 12:38 AM
Following is the av-pair for privilege level 15
shell:priv-lvl=15
In addition, also select attribute 6
Service-type = login
~Rohit
09-05-2007 12:57 AM
Hi Rohit, I am looking to deny a specific user from getting the exec shell of my router with RADIUS authorization. The above attributes will assign a user a priv level 15...
09-06-2007 06:00 PM
So do not assign any privilege level to the user, or assign privilege level 0.
~Rohit
09-08-2007 08:54 AM
Hi,
Make use of this,
shell:priv-lvl=15
shell:autocmd=exit
So what will happen with this is, as soon as the user tries to log into the shell, BOOM!, the user will exit out.
NOTE: I have not tried this exactly, but it should work. You might be required to use a separator, ";", i.e.,
shell:priv-lvl=15;
shell:autocmd=exit
Regards,
Prem