
AAA Configuration with Cisco WS-C2960X-24TD-L

asdrewaqf
Level 1

Hello everyone, let's talk about the issue directly. I have 2 Cisco SWs.

The first one is:

  • SG300-28PP 28-Port Gigabit PoE+ Managed Switch
  • AAA is applied with a Microsoft NPS server, authenticating against Active Directory users/groups, and it worked properly with no issues.

The second one is:

  • WS-C2960X-24TD-L
  • AAA is also applied, but I have an issue that I couldn't sort out. On the NPS server I have 2 policies: one for admins with exec-priv=15 and a second for non-admins with exec-priv=7. My problem is that whenever a non-admin user tries to log in, he gets access with exec-priv=15, even though he matched the non-admin policy with exec-priv=7!

--> I'll upload the 2 SWs' configuration files.

--> Also note that exec-priv is working well with the first SW, "SG300-28PP 28-Port Gigabit PoE".

--> I believe it's related to authorization or something like that.

--> This image is the RADIUS configuration "exec-shell attribute".


balaji.bandi
Hall of Fame

You have only posted priv 15. How about the policy you created, and confirming that the user is in a different group?

Check the guide below for reference (also, the switch has 2 configurations for RADIUS, so remove that to avoid confusion):

https://blog.skufel.net/2012/06/how-to-integrating-cisco-devices-access-with-microsoft-npsradius/

BB


Thank you for the reply, but the other policy is the same as the provided one except for shell:priv-lvl=7. However, I've tried the guide you mentioned, but unfortunately it still gives me the same privilege 15 even though I'm setting it to priv=7.

Any help, please.

asdrewaqf
Level 1

Just another note: it works like a charm on the other SW, "SG300-28PP 28-Port Gigabit PoE+ Managed Switch".
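
An added example, not part of any post in this thread and not a confirmed diagnosis of the poster's switch: on Cisco IOS, a RADIUS-returned `shell:priv-lvl` is applied only when exec authorization is configured, and otherwise the privilege set on the login line governs. The Python check below scans a running-config for both conditions; the sample configuration, server name and address are constructed, and the function name is hypothetical.

```python
import re

# Constructed running-config excerpt (not the poster's configuration).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group radius local
radius server NPS1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
line con 0
line vty 0 4
 privilege level 15
 transport input ssh
line vty 5 15
 transport input ssh
"""

def audit_exec_authorization(config: str) -> list:
    """Return findings that would explain a RADIUS priv-lvl being ignored."""
    findings = []
    lines = config.splitlines()
    # Exec authorization is what makes IOS apply the returned shell:priv-lvl.
    authz = [l.strip() for l in lines if l.startswith("aaa authorization exec ")]
    if not authz:
        findings.append("no 'aaa authorization exec' method list")
    elif not any(re.search(r"\bgroup\s+\S+", l) for l in authz):
        findings.append("'aaa authorization exec' does not reference a server group")
    # Walk "line ..." blocks; their sub-commands are indented in show run output.
    current = None
    for l in lines:
        if l.startswith("line "):
            current = l.strip()
        elif current and l.startswith(" "):
            m = re.match(r"\s+privilege level (\d+)", l)
            if m and int(m.group(1)) > 1:
                findings.append(f"{current}: static privilege level {m.group(1)}")
        else:
            current = None
    return findings

if __name__ == "__main__":
    for finding in audit_exec_authorization(SAMPLE_CONFIG):
        print(finding)
```

The check only looks at the `default`-style global method list and static line privileges; a named method list would also have to be applied under the vty lines, which this sketch does not verify.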