I'm trying to configure Cisco routers (7206, 3662, 2600, etc.) to use
Radius authentication.  I'd like the authenticated user(s) to either be
dropped directly into enable mode or left only at the telnet prompt based
on their authority (defined by the Radius server).  I'm assuming this
involves two levels of AAA: authentication and authorization.

I have been able to configure a 3662 (Version 12.2(2)T) to allow
authentication and leave the logged-on user at an enable prompt without
requiring the user to enter the 'enable' command.

What I am unable to get to work properly is the latter part of my
requirement, i.e. those without authority to enable mode only get the
telnet prompt and view access to the router.

Any suggestions on how to allow this configuration?

Here's my configuration:
--------------------------

Radiator Radius is my radius server.

Cisco router:
-----------------
aaa new-model
aaa authentication login default group radius enable
aaa authentication enable default group radius enable
aaa authorization exec default group radius local

radius-server host 200.x.x.x auth-port 1645 acct-port 1646 key 7 xxxxxxxx
radius-server retransmit 3


-- 
David A. Lauer
IFX Communications Ventures




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16310&t=16310
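
An added example, not part of the original post: with `aaa authorization exec ... group radius`, IOS takes the exec privilege level from the Cisco AV pair `shell:priv-lvl` in the RADIUS reply, so the split between enable-mode and view-only users lives in the server's user entries. This Python sketch audits a constructed users file for that attribute; the flat-file syntax, user names, attribute spellings and the `audit` helper are assumptions to match against your own server.

```python
import re

# Constructed sample: Livingston-style users file (check items on the first
# line, indented reply items). Names, passwords and attribute spellings are
# assumptions; match them to your RADIUS server's dictionary.
SAMPLE_USERS = '''\
netadmin  User-Password = "example-only"
    Service-Type = NAS-Prompt-User,
    cisco-avpair = "shell:priv-lvl=15"

noc-view  User-Password = "example-only"
    Service-Type = NAS-Prompt-User,
    cisco-avpair = "shell:priv-lvl=1"

contractor  User-Password = "example-only"
    Service-Type = NAS-Prompt-User
'''

PRIV_RE = re.compile(r'cisco-avpair\s*\+?=\s*"shell:priv-lvl=(\d+)"', re.I)

def exec_levels(text):
    """Map each user to the shell:priv-lvl in its reply items, or None."""
    levels, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():        # unindented line starts a user entry
            current = line.split()[0]
            levels[current] = None
        elif current is not None:        # indented line is a reply item
            m = PRIV_RE.search(line)
            if m:
                levels[current] = int(m.group(1))
    return levels

def audit(text, allowed_admins):
    """Flag users with no explicit level, or level 15 off the allow-list."""
    findings = []
    for user, level in exec_levels(text).items():
        if level is None:
            findings.append((user, "no explicit shell:priv-lvl in reply"))
        elif level == 15 and user not in allowed_admins:
            findings.append((user, "privilege 15 but not an approved admin"))
    return findings

if __name__ == "__main__":
    for user, why in audit(SAMPLE_USERS, allowed_admins={"netadmin"}):
        print(f"{user}: {why}")
```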