Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1517
Views
0
Helpful
2
Replies

AAA and Role based access (NPS)

Go to solution
Esteban Talavera
Level 1
Level 1

‎07-04-2013 09:11 AM - edited ‎03-10-2019 08:37 PM

Hi

I authenticate all my cisco switches and routers with AAA + NPS + AD

A server runs NPS service with cisco attribute shell:priv-lvl=15 or 5, depending of AD group.

But I'd like configure role based with IOS view.

When I issue the enable view command,  I get

Password:

I tried with my AD password, enable configurated password, and always gets

% Authentication failed

Mi line vty config

line vty 0 4

authorization exec VTY-AAA

login authentication VTY-AAA

transport input ssh

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎07-04-2013 05:42 PM

Have you gone through the below listed parser view configuration example. Please check here

View authentication is performed by an external authentication server via the new attribute "cli-view-name" so you need to use cisco-av-pair as cli-view-name=xxxx

AAA authentication associates only one view name to a particular user; that is, only one view name can be configured for a user in an authentication server.

In case you still have any issues, run debug parser view and share the output, I'll try to help.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎07-04-2013 05:42 PM

Have you gone through the below listed parser view configuration example. Please check here

View authentication is performed by an external authentication server via the new attribute "cli-view-name" so you need to use cisco-av-pair as cli-view-name=xxxx

AAA authentication associates only one view name to a particular user; that is, only one view name can be configured for a user in an authentication server.

In case you still have any issues, run debug parser view and share the output, I'll try to help.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
0 Helpful

Go to solution
Esteban Talavera
Level 1
Level 1
In response to Jatin Katyal

‎07-08-2013 09:25 AM

Sorry, by mistake I click on "Correct Answer"

The problem is I can switch to  view context

DC1841Ro1(config)#parser view MYVIEW

No view Active! Switch to View Context

When I try to switch

DC1841Ro1#enable view

Password:

% Authentication failed

None password allows me to enter. Remeber I'm using AAA + NPS + ADirectory

Thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents