HP MSR2000/3000/4000 Router Series Fundamentals Configuration Guide

Local users have more access permissions than intended
Symptom
A local user can use more commands than should be permitted by the assigned user roles.
Analysis
The local user might have been assigned to user roles without your knowledge. For example, the local
user is automatically assigned a default user role when you create it.
Solution
Use the display local-user command to examine the local user accounts for undesirable user roles, and
delete those user roles.
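The role review described above can be scripted when there are many accounts. The following is an added example, not part of the HP guide: it parses captured display local-user text and reports roles an account holds beyond an intended set. The sample output is constructed, its field layout is an assumption that may differ between software releases, and INTENDED_ROLES is a hypothetical policy.

```python
import re

# Constructed sample modeled on `display local-user` output; the field layout
# is an assumption and may differ between software releases.
SAMPLE_OUTPUT = """\
Device management user admin:
  State:                     Active
  Authorization attributes:
    User role list:          network-admin
Device management user backup-op:
  State:                     Active
  Authorization attributes:
    User role list:          network-operator, network-admin
Device management user monitor:
  State:                     Active
  Authorization attributes:
    User role list:          network-operator, level-1
"""

# Hypothetical policy: the roles each account is meant to hold.
INTENDED_ROLES = {
    "admin": {"network-admin"},
    "backup-op": {"network-operator"},
    "monitor": {"level-1"},
}

USER_RE = re.compile(r"^\s*(?:Device management|Network access) user (\S+?):\s*$")
ROLE_RE = re.compile(r"^\s*User role list:\s*(.*)$")

def parse_local_users(text):
    """Return {username: set of role names} from display local-user text."""
    users, current = {}, None
    for line in text.splitlines():
        if m := USER_RE.match(line):
            current = m.group(1)
            users[current] = set()
        elif (m := ROLE_RE.match(line)) and current is not None:
            users[current].update(r.strip() for r in m.group(1).split(",") if r.strip())
    return users

def find_excess_roles(text, intended):
    """Return {username: sorted roles held but not intended}.
    Accounts missing from the policy have every role reported."""
    excess = {}
    for user, roles in parse_local_users(text).items():
        extra = roles - intended.get(user, set())
        if extra:
            excess[user] = sorted(extra)
    return excess
```

Calling find_excess_roles(SAMPLE_OUTPUT, INTENDED_ROLES) flags backup-op and monitor, the two constructed accounts that carry a role outside the policy.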
Login attempts by RADIUS users always fail
Symptom
Attempts by a RADIUS user to log in to the network access device always fail, even though the network
access device and the RADIUS server can communicate with one another and all AAA settings are
correct.
Analysis
RBAC requires that a login user have at least one user role. If the RADIUS server does not authorize the
login user to use any user role, the user cannot log in to the device.
Solution
Resolve the problem in one of the following ways:
• Configure the role default-role enable command so a RADIUS user can log in with the default user
  role when no user role is assigned by the RADIUS server.
• Add the user role authorization attributes on the RADIUS server.