Cisco 5K switch radius logins have reduced privilege

Hi,

I have configured radius on some N5K-C5672UP switches. Running 7.3(13)N1(1).

I can log in using my AD credentials but for some reason I seem to have a reduced privilege level and cannot see all commands when doing a conf t.

L1N5K02-P(config)# ?
no Negate a command or set its defaults
username Configure user information.
end Go to exec mode
exit Exit from command interpreter

L1N5K02-P(config)#

 

When I log in as a local admin I can configure more of the device but I am unable to set the VTY line to 15.

L1N5K02-P(config)# line vty
L1N5K02-P(config-line)# ?
absolute-timeout Configure absolute timeout
access-class Specify IPv4 access control for packets
exec-timeout Configure exec timeout
ip Configure IP features
ipv6 Configure IPv6 features
logout-warning Configure logout warning
no Negate a command or set its defaults
session-limit Set the max no of concurrent vsh sessions
end Go to exec mode
exit Exit from command interpreter
pop Pop mode from stack or restore from name
push Push current mode to stack or save it under name
where Shows the cli context you are in

L1N5K02-P(config-line)#

I believe the NPS server is set up correctly as my AD account is working correctly for other network devices.

17 Replies

shell:roles*\network-admin\ 
OR 
shell:roles=\network-admin\

Try and see which one is accepted by the N5K.

No difference. Radius is working for another device and I can see the full range of conf t commands, but on the device in question I only see a few. I am unsure if this is an NPS issue or more a switch issue...


My local admin account is getting a network role of network-admin whereas my AD account is getting network-operator. How do I amend this?

 

L1N5K02-P# show user-account
user:admin
this user account has no expiry date
roles:network-admin

user:ad_account_adm
roles:network-operator
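
An added example, not part of the thread: a Python check that parses the `show user-account` output from the post above and flags remote accounts holding only network-operator, the role NX-OS assigns by default when the RADIUS reply carries no usable role attribute. The function names are hypothetical, and the quoted `shell:roles` form accepted by the parser is an assumption based on the documented NX-OS Cisco-AVPair syntax.

```python
import re

# Assumption: the quoted form from the NX-OS documentation.
# '=' marks the attribute mandatory, '*' marks it optional.
AVPAIR_RE = re.compile(r'^shell:roles([=*])"([\w\- ]+)"$')

def parse_roles_avpair(value):
    """Return (mandatory, [roles]) for a Cisco-AVPair value, or None if malformed."""
    m = AVPAIR_RE.match(value.strip())
    if not m:
        return None
    return m.group(1) == "=", m.group(2).split()

def parse_user_accounts(text):
    """Map each user in `show user-account` output to its list of roles."""
    accounts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("user:"):
            current = line[len("user:"):].strip()
            accounts[current] = []
        elif line.startswith("roles:") and current is not None:
            accounts[current] = line[len("roles:"):].split()
    return accounts

def fallback_accounts(text, local_users):
    """Remote users whose only role is network-operator (the NX-OS default role)."""
    return sorted(user for user, roles in parse_user_accounts(text).items()
                  if user not in local_users and roles == ["network-operator"])

# Output copied from the post above.
SHOW_USER_ACCOUNT = """\
user:admin
this user account has no expiry date
roles:network-admin

user:ad_account_adm
roles:network-operator
"""

if __name__ == "__main__":
    print(fallback_accounts(SHOW_USER_ACCOUNT, local_users={"admin"}))
    # Constructed sample attribute value, not taken from the thread.
    print(parse_roles_avpair('shell:roles="network-admin"'))
```

An account listed by `fallback_accounts` authenticated successfully but the switch did not apply a role from the server, so the next place to look is the attribute value the NPS policy actually returns for that device.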