How do I create a non-administrative RADIUS user?

Hello, I have some Cisco 2960X switches in which I authenticate using RADIUS.

I was wondering if there's a way to create a non-administrative user for them using a RADIUS server?

This user should only execute the following commands: show interface status, duplex <mode>, switchport, description, shutdown and no shutdown.

Is this possible?

Accepted Solutions
VIP Engager

Re: How do I create a non-administrative RADIUS user?

If the RADIUS server that you are using is ISE, then it is commonly done with TACACS.

You create a shell profile for the device, a command set (limiting commands), and then an authentication and authorization rule that the user/switch matches. This is a good graphical guide showing an example.
https://networkproguide.com/configure-cisco-ise-tacacs-server/

If the RADIUS server you are using doesn't offer TACACS, it is still possible to restrict authentication users from accessing config t, just a different guide.
3 REPLIES 3
Engager

Re: How do I create a non-administrative RADIUS user?

Hi @alemanetz,

Maybe this community discussion can help you:

https://community.cisco.com/t5/firewalls/privilege-level-assignment-via-radius/td-p/2221818

Regards

Beginner

Re: How do I create a non-administrative RADIUS user?

Thanks for your answer!

I'm using NPS as my RADIUS server. How would I go about this?