Cisco ASA RADIUS (NPS) privilege level issue

faghouri83
Level 1

Hi Everyone

Don't know if this is the correct section to post this, but I have an issue with logging in with the correct privilege level on the ASAs. Basically what I have on the network is two sets of users, one with priv level 15 and one with read on priv level 8.

I have 3 network policies on the RADIUS server:

1. Admin (priv 15)
2. Users (priv
3. ASA users (priv

Username/password is authenticated via Active Directory. Now the top two are running a shell script to assign the priv level for routers and switches:

shell:priv-lvl=8

I understand that you can't do this for ASAs as they don't understand the above command, hence why I created the third "ASA users" network policy on the RADIUS server. I then used a way of assigning the correct privilege level by using the guide here:

https://blog.junico.uk/2020/02/27/assigning-privilege-levels-on-cisco-asa-with-radius/

Now my problem is, when I move the ASA users network policy on the RADIUS server to the 2nd position and try to log in via a priv level 8 user, I get the correct priv level 8; however, I get logged in as priv level 15 when I log into a router/switch. When I move this network policy to the third position (last) and try to log in, I will get logged in as priv level 15 when it should be level 8.

Has anyone had this kind of problem? How did you work around it?

thanks
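The behaviour described in the post is what NPS first-match policy processing produces when the "ASA users" policy is only distinguished from "Users" by its position in the list: whichever of the two comes first catches every priv-8 user, regardless of which device sent the request. The model below is an added example (not code from the original post, from NPS, or from the linked guide). The policy names come from the post; the AD group names, the RADIUS client friendly names, the vendor attribute values and the placeholder ASA attribute are constructed assumptions. It shows both orderings from the post failing for one device type, and the usual fix: scope the ASA policy with a RADIUS-client (NAS) condition so ordering alone no longer decides which device gets which attribute set.

```python
"""Model of NPS network-policy evaluation: policies are walked in processing
order and the first one whose conditions all match is applied; no match means
the request is rejected. Added example, not NPS code; names are assumptions."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset      # AD group memberships (constructed sample data)
    nas_client: str        # friendly name of the RADIUS client that sent the request


@dataclass
class Policy:
    name: str
    groups: frozenset                       # condition: user is in any of these groups
    nas_clients: frozenset = frozenset()    # condition: empty means "any RADIUS client"
    attributes: dict = field(default_factory=dict)  # settings returned on match

    def matches(self, req: Request) -> bool:
        if not (req.groups & self.groups):
            return False
        if self.nas_clients and req.nas_client not in self.nas_clients:
            return False
        return True


def evaluate(policies, req: Request) -> Optional[tuple]:
    """First matching policy wins; None models NPS rejecting the request."""
    for policy in policies:
        if policy.matches(req):
            return policy.name, dict(policy.attributes)
    return None


# Attribute sets (assumed). IOS/IOS-XE read the Cisco-AV-Pair shell:priv-lvl value;
# the ASA needs its own attribute, represented here by a labelled placeholder.
IOS_PRIV15 = {"Cisco-AV-Pair": "shell:priv-lvl=15"}
IOS_PRIV8 = {"Cisco-AV-Pair": "shell:priv-lvl=8"}
ASA_PRIV8 = {"ASA-PRIV-ATTRIBUTE-PLACEHOLDER": "8"}

NET_ADMINS = frozenset({"NetAdmins"})   # assumed AD group for priv 15
NET_USERS = frozenset({"NetUsers"})     # assumed AD group for priv 8

ADMIN = Policy("Admin", NET_ADMINS, attributes=IOS_PRIV15)
USERS = Policy("Users", NET_USERS, attributes=IOS_PRIV8)
# As in the post: the ASA policy differs from "Users" only by its returned attributes.
ASA_UNSCOPED = Policy("ASA users", NET_USERS, attributes=ASA_PRIV8)
# Fix: add a RADIUS-client condition so only requests from the ASA can match it.
ASA_SCOPED = Policy("ASA users", NET_USERS,
                    nas_clients=frozenset({"ASA-FW01"}), attributes=ASA_PRIV8)

ORDER_ASA_SECOND = [ADMIN, ASA_UNSCOPED, USERS]   # post: ASA policy in 2nd position
ORDER_ASA_LAST = [ADMIN, USERS, ASA_UNSCOPED]     # post: ASA policy in 3rd position
ORDER_FIXED = [ADMIN, ASA_SCOPED, USERS]          # scoped ASA policy ahead of "Users"

# Constructed requests: the same read-only user logging in to two device types.
RO_ON_ROUTER = Request("alice", NET_USERS, "RTR01")
RO_ON_ASA = Request("alice", NET_USERS, "ASA-FW01")
NO_GROUP_ON_ROUTER = Request("carol", frozenset(), "RTR01")


def explain(order_name: str, policies, req: Request) -> str:
    result = evaluate(policies, req)
    outcome = "REJECT" if result is None else f"{result[0]} -> {result[1]}"
    return f"{order_name:16} {req.user}@{req.nas_client:9} {outcome}"


if __name__ == "__main__":
    for name, order in (("asa-second", ORDER_ASA_SECOND),
                        ("asa-last", ORDER_ASA_LAST),
                        ("fixed", ORDER_FIXED)):
        for req in (RO_ON_ROUTER, RO_ON_ASA, NO_GROUP_ON_ROUTER):
            print(explain(name, order, req))
```

With the ASA policy unscoped, the router login in the "asa-second" ordering receives the ASA attribute set (no shell:priv-lvl at all), and the ASA login in the "asa-last" ordering never reaches the ASA policy because "Users" already matched. In the "fixed" ordering each device type gets its own attribute set, and a user in neither group is still rejected. On a real NPS server the equivalent of `nas_clients` is a Client Friendly Name or NAS IPv4 Address condition on the ASA policy; checking the NPS accounting or event log for which policy name was applied is the quickest way to confirm which branch a given login took.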
