aaa new-model aaa authentication login default none aaa authentication login con none aaa authentication login vty group radius aaa authentication enable default enable aaa authorization exec default group radius
ip radius source-interface Loopback0 radius-server attribute 6 mandatory radius-server host 10.1.1.100 auth-port 1812 acct-port 1813 key ipexpert radius-server vsa send accounting radius-server vsa send authentication parser view limited secret 5 $1$mCJ5$Eoq3E30WEqDiBqGBpn9V.1 commands exec include show ip interface brief commands exec include show ip interface commands exec include show ip commands exec include show clock commands exec include show version commands exec include show logging commands exec include show ! parser view limited2 secret 5 $1$N.IR$Fv0Jk7IkFpdCuCpCDXsb.. commands exec include ping commands exec include all show interfaces commands exec include show ! parser view super secret 5 $1$WWuS$oOrY4mkKRrCFkwpA7NHdn0 commands interface include shutdown commands interface include no shutdown commands interface include no commands configure include interface commands exec include configure terminal commands exec include configure commands exec include all show commands configure include interface FastEthernet0/1.49 ! parser view super-user superview secret 5 $1$mP4v$Hn1PdYa2Dt7c66/flrGDU1 view limited view limited2 view super debug radius and author- R4# Feb 26 17:37:42.773: AAA/BIND(00000013): Bind i/f Feb 26 17:37:42.773: RADIUS/ENCODE(00000013): ask "Username: " Feb 26 17:37:42.773: RADIUS/ENCODE(00000013): send packet; GET_USER R4# Feb 26 17:37:45.789: RADIUS/ENCODE(00000013): ask "Password: " Feb 26 17:37:45.789: RADIUS/ENCODE(00000013): send packet; GET_PASSWORD Feb 26 17:37:47.541: RADIUS/ENCODE(00000013):Orig. component type = EXEC Feb 26 17:37:47.541: RADIUS/ENCODE(00000013): dropping service type, "radius-server attribute 6 on-for-login-auth" is off Feb 26 17:37:47.541: RADIUS(00000013): Config NAS IP: 4.4.4.4 Feb 26 17:37:47.541: RADIUS/ENCODE(00000013): acct_session_id: 17 Feb 26 17:37:47.541: RADIUS(00000013): sending Feb 26 17:37:47.545: RADIUS(00000013): Send Access-Request to 10.1.1.100:1812 id 1645/17, len 85 Feb 26 17:37:47.545: RADIUS: authenticator A4 BD 3C 00 D9 59 48 20 - 41 16 AA 18 6F 13 B0 D4 Feb 26 17:37:47.545: RADIUS: User-Name [1] 9 "limited" Feb 26 17:37:47.545: RADIUS: User-Password [2] 18 * Feb 26 17:37:47.545: RADIUS: NAS-Port [5] 6 514 Feb 26 17:37:47.545: RADIUS: NAS-Port-Id [87] 8 "tty514" R4#Feb 26 17:37:47.545: RADIUS: NAS-Port-Type [61] 6 Virtual [5] Feb 26 17:37:47.545: RADIUS: Calling-Station-Id [31] 12 "10.1.1.100" Feb 26 17:37:47.545: RADIUS: NAS-IP-Address [4] 6 4.4.4.4 Feb 26 17:37:47.553: RADIUS: Received from id 1645/17 10.1.1.100:1812, Access-Accept, len 91 Feb 26 17:37:47.553: RADIUS: authenticator AC DF 7E 66 06 DD 8B B6 - 92 60 AF 36 7B FC 2A 69 Feb 26 17:37:47.553: RADIUS: Framed-IP-Address [8] 6 255.255.255.255 Feb 26 17:37:47.553: RADIUS: Vendor, Cisco [26] 35 Feb 26 17:37:47.553: RADIUS: Cisco AVpair [1] 29 "shell:cli-view-name=limited" Feb 26 17:37:47.557: RADIUS: Service-Type [6] 6 NAS Prompt [7] Feb 26 17:37:47.557: RADIUS: Class [25] 24 Feb 26 17:37:47.557: RADIUS: 43 41 43 53 3A 30 2F 39 34 65 2F 34 30 34 30 34 [CACS:0/94e/40404] Feb 26 17:37:47.557: RADIUS: 30 34 2F 35 31 34 [04/514] Feb 26 17:37:47.557: RADIUS(00000013): Received from id 1645/17 Feb 26 17:37:47.557: AAA/AUTHOR/EXEC(00000013): processing AV cli-view-name=limited Feb 26 17:37:47.557: AAA/AUTHOR/EXEC(00000013): processing AV service-type=7 Feb 26 17:37:47.561: AAA/AUTHOR/EXEC(00000013): Authorization successf as you can see it is being placed into the correct view, and show parser view on telnet client confirms this. apreciate any comments.. thanks LR _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
