RADIUS authentication on Cisco switches: how to assign privilege levels?

Question

I need to configure some Cisco switches (IOS 12.x) to authenticate against a RADIUS server; the server is Windows Server 2003's IAS, and it validates users against his Active Directory domain.

I know how to configure the switches to validate usernames/passwords against the RADIUS server, and I can succesfully login using an AD account; the question is: how can I set privilege level 15 for users, in order to not have to use enable each time?

score 3 · Answer 1 · answered Mar 28 '10 at 08:32

3

send back the cisco-av-pair attribute with a value of "shell:priv-lvl=15".

answered Mar 28 '10 at 08:32

score 1 · Accepted Answer · answered Mar 25 '10 at 09:07

1

Have a look here: How to Assign Privilege Levels with TACACS+ and RADIUS

answered Mar 25 '10 at 09:07

Daniele Santi

2,479
1
25
22

I found that soon after posting the question :-) But I'm still accepting your answer, as that page actually helped me a lot. The only difficult bit was setting "shell:priv-lvl=15" on IAS, but it can be done. – Massimo Mar 25 '10 at 19:59

RADIUS authentication on Cisco switches: how to assign privilege levels?

2 Answers2