Either you are not authenticating to ACS and you have a local user database configured with the user and a privilege of 15 or your VTY has the command privilege-level 15 or the group the user is configured for in ACS is set for privilege 15. Fix one of those three things and it should work properly for you
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: [email protected] [mailto:[email protected]] On Behalf Of Bruno Sent: Friday, August 06, 2010 11:53 PM To: Yogesh Gawankar; [email protected] Subject: Re: [OSL | CCIE_Security] Radius AAA It would be better if you posted the config and what you did on the AAA On Sat, Aug 7, 2010 at 12:07 AM, Yogesh Gawankar <[email protected]> wrote: HI all I have having bit of trouble getting aaa with radius to work. Set up is simple. I have created a user ipexpert in ACS with a password of ipexpert. I have a router 2811 which is the NAS.I have set up aaa on the VTY lines .The user is being authenticated when i telnet to the router . However he is not getting priv-lvl=2 as per my configuration on the acs. He is put into privilege 15. Any reason for this? If i do debugs it is sending the attribute with priv-lvl=2. Regards Yogesh _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com -- Bruno Fagioli (by Jaunty Jackalope) Cisco Security Professional
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
