Hi All, Sorry if this is posted in the wrong group. I am trying to set up RADIUS authentication to my Cisco switches via a Windows IAS 2003 server.
After reading the Cisco docs I have come up with this config for the switches.
aaa new-model
aaa authentication login default group radius local none
aaa authentication enable default group radius none
aaa authorization exec default group radius local if-authenticated
aaa authorization commands 0 default group radius none
aaa authorization commands 1 default group radius none
aaa authorization commands 15 default group radius none
aaa accounting exec default start-stop group radius
aaa accounting commands 15 default stop-only group radius
aaa accounting network default stop-only group radius
aaa accounting connection default stop-only group radius
aaa accounting system default stop-only group radius
!
tacacs-server host x.x.x.x
tacacs-server directed-request
tacacs-server key XXXXXXXXXX
What I do not understand is how do I get users who log on to only get level 0, 1 and 15. I assume I have to create new groups on the Windows AD side, but how does this match the config above? Sorry if I appear a bit dumb :)