08-03-2004 11:09 PM
Hi all
I've got a problem with configuring aaa on the m9500, users telnetting to the device get authenticated but does not appear to have the right authorization level for all the commands ie copy. The radius server has no problem authenticating users. Is there something that im missing?
all i have is:
aaa authentication login default group radius local
and the associated radius-server commands
thanks in advance
08-04-2004 06:04 AM
It sounds like you're not getting network-admin privileges. You can check this with "sh user-account" on the switch CLI.
On the RADIUS server, how are you configuring the AV pair? It should look something like this:
cisco-av-pair=shell:roles="network-admin"
You should remove "cisco-av-pair=" if you're using the Cisco ACS server.
If you're using role-based access, you can add other roles after network-admin (separated by spaces).
08-05-2004 06:44 PM
thanks for that.. it worked
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide