Categories
Welcome Center
Education & Development
Discussions
Certification Preparation
Recent Posts
Groups
Free Resources
Ebooks
Free Workshops
Trending Certifications Infographic
Infosec Training
IT & Security Training
Live Boot Camps
Security Awareness Training
About Infosec Institute
Home
Certification Preparation
Other/General Certifications
AAA Radius Privilege levels
saddayz
Hello,
I've setup a Windows 2012 Server R2 Radius server to commmunicate with CISCO IOS devices.
There are two categories of users: with just read only rights(shell:priv-lvl=1), and read/write (shell:priv-lvl=15).
The Router configuration on GNS3 is straightforward:
aaa authentication login VTY group RAD1 local
aaa authorization exec AUTH_VTY group RAD1 local if-authenticated
line vty 0 20
login authentication VTY
authorization exec AUTH_VTY
So, my goal is to read only users allow to just read, to read/write users allow to do all.
but the situation is different. Users with (shell:priv-lvl=15) gets into privileged mode as it should.
And users with (shell:priv-lvl=1) goes to operational mode (>) and after typing "enable" they goes into priviledge mode.
Is this a normal behaviour with Priviledge 1 - to be able to get to enable ? Maybe my problem is just to create the enable password, which is unknown for users with priviledge lvl 1 ?
Also the second question:
Do the if-authenticated command is needed ? could not figure point of that.
Thanks
Find more posts tagged with
Save $250 on 2025 certification boot camps from Infosec!
Book now with code EOY2025
Button
Comments
There are no comments yet
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
INFOSEC Boot Camps
$250
OFF
Use code
EOY2025
to receive $250 off your 2025 certification boot camp!
BROWSE BOOT CAMPS
