Solved: Radius authentication allow some of AD accounts not all of them

CSCO12780120 · ‎10-17-2017

Hi everyone,

Can I use Radius authentication but allow parts of AD accounts to login device?

Or only few of user can access privilege level 15?

Configuration :

aaa authentication login default group radius local
aaa authentication enable default none
aaa authorization exec default if-authenticated
aaa accounting exec default stop-only group radius

Looking forward to your response guys.

Rahul Govindan · ‎10-19-2017

If you use ISE, your Authorization policy could be to allow users from a certain AD groups (say Admins) to access network devices. Even though it authenticates all users on AD, the Authorization can restrict users based on your requirements.

View solution in original post

Rahul Govindan · ‎10-19-2017

If you use ISE, your Authorization policy could be to allow users from a certain AD groups (say Admins) to access network devices. Even though it authenticates all users on AD, the Authorization can restrict users based on your requirements.

Peter Koltl · ‎10-23-2017

https://ltlnetworker.wordpress.com/2014/08/31/using-cisco-ise-as-a-generic-radius-server/

jeremykolkosn · ‎01-07-2021

Is there an updated document for configuring Radius with Microsoft Network Policy Server (NPS), which replaced ISE?

Peter Koltl · ‎01-19-2021

No, NPS has not replaced ISE. (-: