Hi Everyone
Don't know if this is the correct section to post this, but I have an issue with logging in with the correct privilege level on the ASAs. Basically what I have on the network is two sets of users, one with priv level 15 and one with read on priv level 8.
I have 3 network policies on the RADIUS server:
1. Admin (priv 15)
2. Users( priv
3. ASA users (priv
Username/password is authenticated via Active Directory. Now the top two are running a shell script to assign the priv level for routers and switches:
shell:priv-lvl=8
I understand that you can't do this for ASAs as they don't understand the above command, hence why I created the third "ASA users" network policy on the RADIUS server. I then used a way of assigning the correct privilege level by using the guide here:
https://blog.junico.uk/2020/02/27/assigning-privilege-levels-on-cisco-asa-with-radius/
Now my problem is, when I move the ASA users network policy on the RADIUS server to the 2nd position and try to log in via a priv level 8 user, I get the correct priv level 8; however, I get logged in as priv level 15 when I log into a router/switch. When I move this network policy to the third position (last) and try to log in, I will get logged in as priv level 15 when it should be level 8.
Has anyone had this kind of problem? How did you work around it?
Thanks