You can useper user virtual profiles and assign the acls to the user such as:RADIUS user profile: fooPassword = "bar"User-Service-Type = Framed-User,Framed-Protocol = PPP,cisco-avpair = "ip:inacl#1=deny 10.10.10.10 0.0.0.0"You assign the avpair under...
What I sent disables aaa altogether on the console port. It will take you right in with no authentication or authorization.If you want to use the line password for authentication then do this:aaa authentication login LINE lineline con 0login authent...
Assuming you are using exec and command authorization, create custom lists like:aaa authentication login NO_AUTHEN noneaaa authorization exec NO_AUTHOR noneaaa authorization commands 15 NO_AUTHOR noneThen assign the lists to the console port:line con...
Hi Chris,Yes, they should work via CLI. The only difference is I am running Solaris 2.5(1). If you cut and paste the CLI syntax I sent and it still does not work, I am at a loss. This may be related to BugID CSCds37958, but note the CLI should work...
This is part of EXEC authorization when the user logs in:aaa new-modelaaa authentication login default group tacacs+ localaaa authorization exec default group tacacs+ local tac server key username foo privilege 15 password barAssign the user or grou...