Users Guide

Authentication, Authorization, and Accounting
With the users that were previously configured, the guest user will still log
into User Exec mode, since the guest user only has privilege level 1 (the
default). The admin user will be able to log in directly to Privileged Exec mode
since his privilege level was configured as 15.
RADIUS Authorization Example—Direct Login to Privileged Exec Mode
Apply the following configuration to use RADIUS for authorization, such that
a user can enter Privileged Exec mode directly:
aaa authorization exec "rad" radius
line telnet
authorization exec rad
exit
Configure the RADIUS server so that the RADIUS attribute Service Type (6)
is sent with value Administrative. Any value other than Administrative is
interpreted as privilege level 1.
The following describes each line in the above configuration:
The aaa authorization exec "rad" radius command creates an exec authorization method list called "rad" that contains the method radius.
The authorization exec rad command assigns the rad exec authorization method list to be used for users accessing the switch via Telnet.
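The Service Type rule above can be checked from the RADIUS server side before the method list is applied. The following is an added example, not part of the original guide: it assumes the server is FreeRADIUS with accounts in a "users" file (the guide names no server), uses a constructed sample, and the function names are hypothetical.

```python
import re

# Constructed sample in FreeRADIUS "users" file syntax (assumption: the guide
# does not name a RADIUS server). Indented lines are reply items.
SAMPLE_USERS = '''\
admin   Cleartext-Password := "example-only"
        Service-Type = Administrative-User

guest   Cleartext-Password := "example-only"
        Service-Type = Login-User

backup  Cleartext-Password := "example-only"
        Reply-Message = "no service type"
'''

# RFC 2865 Service-Type (attribute 6): value 6 is Administrative.
ADMIN_VALUES = {"administrative-user", "6"}
REPLY_ITEM = re.compile(r"\s*([\w-]+)\s*[:+]?=\s*\"?([^\",]*)\"?,?\s*$")

def parse_users(text):
    """Return {username: {reply_attribute: value}} from users-file text."""
    users, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():               # new entry: name + check items
            current = line.split()[0]
            users[current] = {}
        elif current is not None:              # indented reply item
            m = REPLY_ITEM.match(line)
            if m:
                users[current][m.group(1).lower()] = m.group(2).strip()
    return users

def switch_privilege(reply):
    """Level the switch assigns: Administrative -> 15, any other value -> 1.
    Treating a missing Service-Type as level 1 is an assumption."""
    value = reply.get("service-type", "").lower()
    return 15 if value in ADMIN_VALUES else 1

def audit(text):
    """Map each user to the exec privilege level they would receive."""
    return {u: switch_privilege(r) for u, r in parse_users(text).items()}

if __name__ == "__main__":
    for user, level in audit(SAMPLE_USERS).items():
        print(user, level, "Privileged Exec" if level == 15 else "User Exec")
```

Any account reported at level 15 reaches Privileged Exec mode directly over Telnet once the rad method list is applied to the line, so the output is the list to review against least privilege.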
RADIUS Authorization Example—Administrative Profiles
The switch should use the same configuration as in the previous
authorization example.
NOTES:
If the privilege level is zero (that is, blocked), then authorization will fail and the user will be denied access to the switch.
If the privilege level is higher than one, the user will be placed directly in Privileged Exec mode. Note that all commands in Privileged Exec mode require privilege level 15, so assigning a user a lower privilege level will be of no value.
A privilege level greater than 15 is invalid and treated as if privilege level zero had been supplied.