From: Brian (signal@xxxxxxxxxx)
Date: Sat Mar 16 2002 - 02:32:28 GMT-3
I am having a problem figuring out something in IOS regarding RADIUS.
I want a user to be able to just do a limited number of commands, at
privledge level 7. so I configure the following:
aaa new-model
aaa authentication login default none
aaa authentication login console line
aaa authentication login use_radius radius local
aaa authorization exec default radius if-authenticated
aaa authorization network default radius if-authenticated
aaa accounting exec default start-stop radius
aaa accounting network default start-stop radius
radius-server host 172.16.2.10 auth-port 1645 acct-port 1646
radius-server key mysecret
privilege exec level 7 disconnect
privilege exec level 7 show running-config
privilege exec level 7 show
privilege exec level 7 logout
privilege exec level 7 exit
privilege exec level 7 clear
line vty 0 4
exec-timeout 0 0
password 7 12170003180A010A2F3F
login authentication use_radius
The radius authentication is working great, I am assigned privledge-level
7, and everything seems to be working correctly, except "show
running-config", which gives me:
User Access Verification
Username: admin
Password:
Term_Srv#show priv
Current privilege level is 7
Term_Srv#show running-config
Building configuration...
Current configuration:
!
! Last configuration change at 07:48:13 cdt Thu Apr 8 1993
! NVRAM config last updated at 07:48:15 cdt Thu Apr 8 1993
!
!
!
!
end
Term_Srv#
Does anyone know why this happens? And how would I go about getting "show
run" to work in priv lev 7?
Thanks,
Brian
-----------------------------------------------
Brian Feeny, CCIE #8036 e: signal@shreve.net
Network Engineer p: 318.222.2638x109
ShreveNet Inc. f: 318.221.6612
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:10 GMT-3