http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_r1.html#w p1062665
As you can see it is disabled by default.

Did you include the following attributes for the user being sent from ACS?

    shell:priv-lvl=15
    cli-view-name=<name of view>

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_r1.html#w p1057754

The attribute 6 command is not required, but what it does is set the service type attribute as required instead of just optional.

Lastly, depending on the version of code you are running, you may not get a # prompt; it may still show as > although you are at the right level. To test whether you have access to the commands, you should simply type in "config t".

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.

From: [email protected] [mailto:[email protected]] On Behalf Of Vybhav Ramachandran
Sent: Wednesday, September 22, 2010 10:53 AM
To: OSL Security
Subject: [OSL | CCIE_Security] Vol 1 , Lab 5A , Task 5.7

Hello All,

I have some doubts regarding Task 5.7 (RBAC). When I configure everything according to the DSG and log in, I'm only able to get into User EXEC mode. After typing in the enable password I'm able to get into privileged EXEC mode. But in the DSG, in the demonstration, we can see that the user "limited", after logging in, is automatically in Privilege EXEC mode. I was wondering why it's not working for me.

Also, isn't "radius-server vsa send authentication" enabled by default? Because I don't remember entering that command anytime before, but the NAS was still accepting Cisco vendor-proprietary AV pairs. Can someone also tell me why we need "attribute" 6?

Cheers,
TacACK
