05-31-2013 05:09 AM - edited 03-07-2019 01:39 PM
Hello,
I have 2 local accounts on a 3750 that kick in should radius be unavailable. If I log in as the admin account it gets priv 15, if I log in as the other user it gets privilege 3 which is correct, but my commands don't work. This is what I have added, and the strange thing is I've done this many times before on our other switches, so what am I doing wrong?
username admin privilege 15 secret ***
username users privilege 3 secret ***
aaa new-model
enable view
(enter password)
conf t
parser view priv3
secret ***
commands interface include shutdown
commands interface include no shutdown
commands interface include no
commands configure include interface
commands exec include configure terminal
commands exec include configure
commands exec include show ntp status
commands exec include show ip interface brief
commands exec include show ip interface
commands exec include show ip
commands exec include show arp
commands exec include show clock
commands exec include show privilege
commands exec include show interfaces status err-disabled
commands exec include show interfaces Null0 status
commands exec include show interfaces status
commands exec include show interfaces ATM0/1/0 status
commands exec include show interfaces FastEthernet0/1 status
commands exec include show interfaces FastEthernet0/0 status
commands exec include show interfaces
commands exec include show configuration
commands exec include show
commands configure include interface GigabitEthernet1/0/1
commands configure include interface GigabitEthernet1/0/2
commands configure include interface GigabitEthernet1/0/3
commands configure include interface GigabitEthernet1/0/4
commands configure include interface GigabitEthernet1/0/5
commands configure include interface GigabitEthernet1/0/6
commands configure include interface GigabitEthernet1/0/7
commands configure include interface GigabitEthernet1/0/8
commands configure include interface GigabitEthernet1/0/9
commands configure include interface GigabitEthernet1/0/10
commands configure include interface GigabitEthernet1/0/11
commands configure include interface GigabitEthernet1/0/12
commands configure include interface GigabitEthernet2/0/1
commands configure include interface GigabitEthernet2/0/2
commands configure include interface GigabitEthernet2/0/3
commands configure include interface GigabitEthernet2/0/4
commands configure include interface GigabitEthernet2/0/5
commands configure include interface GigabitEthernet2/0/6
commands configure include interface GigabitEthernet2/0/7
commands configure include interface GigabitEthernet2/0/8
commands configure include interface GigabitEthernet2/0/9
commands configure include interface GigabitEthernet2/0/10
commands configure include interface GigabitEthernet2/0/11
commands configure include interface GigabitEthernet2/0/12
None of them seem to work, I really need commands exec include show configuration
to work which lets users type show configuration.
Also when they log in it is like this:
3750#
when it is normally:
3750>
Any ideas?
05-31-2013 05:31 AM
Hi,
Why are you using views and not tying them to your users, but using privilege levels instead?
Do you want to use views?
In this case you must have user "username" view "view name" and add these:
aaa authorization console
aaa authorization exec default group radius local
regards
Alain
Don't forget to rate helpful posts.
05-31-2013 06:19 AM
AAA Auth console is the key part there!
I found that out the hard way.
If you don't set that and set a policy on con0, you can lock yourself out of the switch, and you will have to do config recovery.
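Added example, not part of the thread or any poster's code: a small offline check that flags the gap discussed above, a parser view that no local username is tied to, together with the two `aaa authorization` lines from the reply. The function name `audit_views`, both sample configs, and the reading of the reply's user/view line as the IOS form `username <name> view <view-name>` are assumptions.

```python
# Constructed sample: shortened copy of the configuration posted in the question.
QUESTION_CONFIG = """\
username admin privilege 15 secret ***
username users privilege 3 secret ***
aaa new-model
parser view priv3
 secret ***
 commands exec include show configuration
"""

# Constructed sample: same config with the reply's changes applied.
# Assumes the reply's user/view line means `username <name> view <view-name>`.
FIXED_CONFIG = """\
username admin privilege 15 secret ***
username users view priv3 secret ***
aaa new-model
aaa authorization console
aaa authorization exec default group radius local
parser view priv3
 secret ***
 commands exec include show configuration
"""

def audit_views(config):
    """Return findings for parser views that no local user is tied to,
    and for the AAA authorization lines the reply says must be added."""
    lines = [ln.split() for ln in config.splitlines() if ln.strip()]
    defined = {t[2] for t in lines if t[:2] == ["parser", "view"] and len(t) > 2}
    bound = {}  # view name -> usernames tied to it
    for t in lines:
        # "view" must be followed by a name, so it cannot be the last token
        if t[0] == "username" and "view" in t[2:-1]:
            view = t[t.index("view", 2) + 1]
            bound.setdefault(view, []).append(t[1])
    findings = []
    for view in sorted(defined - set(bound)):
        findings.append(f"view {view}: defined but not tied to any username")
    for view in sorted(set(bound) - defined):
        findings.append(f"view {view}: used by {bound[view]} but never defined")
    joined = [" ".join(t) for t in lines]
    if defined and "aaa authorization console" not in joined:
        findings.append("missing: aaa authorization console")
    if defined and not any(j.startswith("aaa authorization exec ") for j in joined):
        findings.append("missing: aaa authorization exec method list")
    return findings

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, audit_views(cfg) or "no findings")
```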