
AAA Radius and Privilege levels

Is it possible to set up Exec level privileges and their associated commands in RADIUS? I am looking to set up a sub level, say 7, with limited CLI privileges. I can do this locally but want to have the person telnet to the router, get authenticated by RADIUS with their normal login ID and password (like they do every day when logging into their desktop), and then have them be able to get on the CLI with the corresponding privilege level 7 and limited commands. Is this possible and if so, how?

AAA Radius and Privilege levels

Yes, you can do it by using TACACS+ or RADIUS:

aaa new-model

aaa authentication login default group tacacs+ enable

aaa authorization exec default group tacacs+ none

You need to manually define all the commands for users in privilege level 7 using "privilege" commands.

For example:

privilege interface level 7 shutdown

privilege configure level 7 interface

privilege exec level 7 conf t

privilege exec level 7 write memory

privilege exec level 7 reload

privilege exec level 7 show run

Then you need to configure the TACACS+/RADIUS server to return privilege level 7:

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a008009465c.shtml

Zhenning
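
Added example, not part of the original reply: the RADIUS form of the method lists shown above, since the question asked about RADIUS and the reply's lines use "group tacacs+". The server address 192.0.2.10, the ports and <shared-secret> are placeholders chosen for illustration.

```cisco
! Constructed example: 192.0.2.10 and <shared-secret> are placeholders.
aaa new-model
!
! RADIUS server definition (legacy "radius-server host" syntax).
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <shared-secret>
!
! Same method lists as in the reply, with "group radius" in place of
! "group tacacs+". "enable" is the login fallback used when the server
! does not respond.
aaa authentication login default group radius enable
!
! Exec authorization is what applies the privilege level returned by the
! server. The trailing "none" means no exec authorization is performed when
! the server does not respond, so the login proceeds without a
! server-assigned level.
aaa authorization exec default group radius none
!
! RADIUS does not authorize individual commands, so the level 7 command set
! is still defined on the router with the "privilege" lines from the reply.
!
! In the Access-Accept for the user, the RADIUS server returns the Cisco
! vendor-specific attribute (vendor 9, attribute 1):
!   cisco-avpair = "shell:priv-lvl=7"
!
! After logging in as that user, confirm the assigned level with:
!   show privilege
```

Because the command set lives in each router's local configuration, every device the user logs in to needs the same "privilege" lines for level 7 to mean the same thing everywhere.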