10-18-2018 06:49 PM
09-24-2020 08:23 AM
Just an update; Radius now working using attribute / value Cisco-AVPair=shell:priv-lvl=15.
07-30-2020 12:13 PM
I am currently trying to configure radius (using freeradius) for some ISW switches but without success. I have been searching around and found this post. Out of curiosity; what attribute and value did you use to get privilege level whit ssh-login? I have tried priv-lvl = 15 but this doesn’t seem to work, and so far I have only been able to get read-access.
10-22-2018 11:03 AM
10-22-2018 08:25 AM
ip http server ! aaa new-model aaa authentication login CONSOLEandHTTP radius local aaa authorization exec CONSOLEandHTTP radius local ! ip http authentication aaa ! line con 0 login authentication CONSOLEandHTTP authorization exec CONSOLEandHTTPHTTP V1.1 Server - After Cisco Bug ID CSCeb82510With the integration of Cisco bug ID CSCeb82510 (registered customers only) in Cisco IOS Software Releases 12.3(7.3) and 12.3(7.3)T, the HTTP server can use independent authentication and authorization methods of its own, with new keywords in the ip http authentication aaa command. The new keywords are:
router(config)#ip http authentication aaa command-authorization listname router(config)#ip http authentication aaa exec-authorization listname router(config)#ip http authentication aaa login-authentication listnameThis is example output:
ip http server ! aaa new-model aaa authentication login HTTPonly radius local aaa authorization exec HTTPonly radius local ! ip http authentication aaa ip http authentication aaa exec-authorization HTTPonly ip http authentication aaa login-authentication HTTPonlyDebugIssue these debug commands in order to troubleshoot problems with HTTP authentication/authorization:
debug ip tcp transactions debug modem !--- If you use the HTTP 1.0 server. debug ip http authentication debug aaa authentication debug aaa authorizationdebug radius