Configuring AAA with free radius server

Debabrata Majhi · ‎03-09-2022

Hi All

I am trying to configure my switch to get authentication using radius .Here is the below configuration

aaa new-model
!
!
aaa authentication login default group radius local
aaa authorization exec default group radius local
aaa accounting exec default start-stop group radius

Able to login the switch but it is coming in "cisco>" every time i need to put enable password What is the configuration is require so that when I can login it will directly to go "cisco# "

Looking for your help to fix the issue

Thanks

Debabrata

marce1000 · ‎03-09-2022

- The radius server must be able or configured to return certain attributes , ref : https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13860-PRIV.html

Look at the paragraph/example starting from : Cisco Secure UNIX RADIUS (the server must support Cisco av-pairs and or be configured in a similar manner)

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

balaji.bandi · ‎03-09-2022

what radius is this ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Debabrata Majhi · ‎03-09-2022

Hi

It is freeradius install in Centos

Thanks

marce1000 · ‎03-09-2022

- The radius server must be able or configured to return certain attributes , ref : https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13860-PRIV.html

Look at the paragraph/example starting from : Cisco Secure UNIX RADIUS (the server must support Cisco av-pairs and or be configured in a similar manner)

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

balaji.bandi · ‎03-09-2022

Appologies the subject has that information :

Do you have AAA configured on Switch and using freeradius as device admin then the user should be priv 15 to get direct # access

follow bellow guide ( in addtion to other sugggested)

https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/116291-configure-freeradius-00.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Georg Pauwen · ‎03-09-2022

Hello,

what else is in your configuration ? Post the full output of 'sh run'. Make sure you also have:

#adius-server host x.x.x.x auth-port 1645 acct-port 1646
radius-server key secret_key

confgured.

Debabrata Majhi · ‎03-09-2022

Hi

Issue fixed with configuration in freedadius

cisco Cleartext-Password := "password"
       Service-Type = NAS-Prompt-User,
       Cisco-AVPair = "shell:priv-lvl=15"

Thanks all your support

Debabrata Majhi · ‎03-09-2022

Hi

Can any one help how to integrate Active directory with Free Radius for central authentication for network device login

Thanks

balaji.bandi · ‎03-09-2022

The document here step by step :

https://wiki.freeradius.org/guide/freeradius-active-directory-integration-howto

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help