Hi Lee, what sort of comments are you looking for? Is there a specific problem or everything is working as expected? Cheers, Jerome
On Sun, Feb 27, 2011 at 4:39 AM, LEE READE <[email protected]> wrote: > > aaa new-model > aaa authentication login default none > aaa authentication login con none > aaa authentication login vty group radius > aaa authentication enable default enable > aaa authorization exec default group radius > > ip radius source-interface Loopback0 > radius-server attribute 6 mandatory > radius-server host 10.1.1.100 auth-port 1812 acct-port 1813 key ipexpert > radius-server vsa send accounting > radius-server vsa send authentication > > parser view limited > secret 5 $1$mCJ5$Eoq3E30WEqDiBqGBpn9V.1 > commands exec include show ip interface brief > commands exec include show ip interface > commands exec include show ip > commands exec include show clock > commands exec include show version > commands exec include show logging > commands exec include show > ! > parser view limited2 > secret 5 $1$N.IR$Fv0Jk7IkFpdCuCpCDXsb.. > commands exec include ping > commands exec include all show interfaces > commands exec include show > ! > parser view super > secret 5 $1$WWuS$oOrY4mkKRrCFkwpA7NHdn0 > commands interface include shutdown > commands interface include no shutdown > commands interface include no > commands configure include interface > commands exec include configure terminal > commands exec include configure > commands exec include all show > commands configure include interface FastEthernet0/1.49 > ! > parser view super-user superview > secret 5 $1$mP4v$Hn1PdYa2Dt7c66/flrGDU1 > view limited > view limited2 > view super > > debug radius and author- > > R4# > Feb 26 17:37:42.773: AAA/BIND(00000013): Bind i/f > Feb 26 17:37:42.773: RADIUS/ENCODE(00000013): ask "Username: " > Feb 26 17:37:42.773: RADIUS/ENCODE(00000013): send packet; GET_USER > R4# > Feb 26 17:37:45.789: RADIUS/ENCODE(00000013): ask "Password: " > Feb 26 17:37:45.789: RADIUS/ENCODE(00000013): send packet; GET_PASSWORD > Feb 26 17:37:47.541: RADIUS/ENCODE(00000013):Orig. component type = EXEC > Feb 26 17:37:47.541: RADIUS/ENCODE(00000013): dropping service type, > "radius-server attribute 6 on-for-login-auth" is off > Feb 26 17:37:47.541: RADIUS(00000013): Config NAS IP: 4.4.4.4 > Feb 26 17:37:47.541: RADIUS/ENCODE(00000013): acct_session_id: 17 > Feb 26 17:37:47.541: RADIUS(00000013): sending > Feb 26 17:37:47.545: RADIUS(00000013): Send Access-Request to > 10.1.1.100:1812 id > 1645/17, len 85 > Feb 26 17:37:47.545: RADIUS: authenticator A4 BD 3C 00 D9 59 48 20 - 41 16 > AA > 18 6F 13 B0 D4 > Feb 26 17:37:47.545: RADIUS: User-Name [1] 9 "limited" > Feb 26 17:37:47.545: RADIUS: User-Password [2] 18 * > Feb 26 17:37:47.545: RADIUS: NAS-Port [5] 6 > 514 > > Feb 26 17:37:47.545: RADIUS: NAS-Port-Id [87] 8 "tty514" > > R4#Feb 26 17:37:47.545: RADIUS: NAS-Port-Type [61] 6 > Virtual [5] > Feb 26 17:37:47.545: RADIUS: Calling-Station-Id [31] 12 "10.1.1.100" > Feb 26 17:37:47.545: RADIUS: NAS-IP-Address [4] 6 > 4.4.4.4 > > Feb 26 17:37:47.553: RADIUS: Received from id 1645/17 10.1.1.100:1812, > Access-Accept, len 91 > Feb 26 17:37:47.553: RADIUS: authenticator AC DF 7E 66 06 DD 8B B6 - 92 60 > AF > 36 7B FC 2A 69 > Feb 26 17:37:47.553: RADIUS: Framed-IP-Address [8] 6 > 255.255.255.255 > > Feb 26 17:37:47.553: RADIUS: Vendor, Cisco [26] 35 > Feb 26 17:37:47.553: RADIUS: Cisco AVpair [1] 29 > "shell:cli-view-name=limited" > Feb 26 17:37:47.557: RADIUS: Service-Type [6] 6 NAS > Prompt [7] > Feb 26 17:37:47.557: RADIUS: Class [25] 24 > Feb 26 17:37:47.557: RADIUS: 43 41 43 53 3A 30 2F 39 34 65 2F 34 30 34 30 > 34 > [CACS:0/94e/40404] > Feb 26 17:37:47.557: RADIUS: 30 34 2F 35 31 34 > [04/514] > Feb 26 17:37:47.557: RADIUS(00000013): Received from id 1645/17 > Feb 26 17:37:47.557: AAA/AUTHOR/EXEC(00000013): processing AV > cli-view-name=limited > Feb 26 17:37:47.557: AAA/AUTHOR/EXEC(00000013): processing AV > service-type=7 > Feb 26 17:37:47.561: AAA/AUTHOR/EXEC(00000013): Authorization successf > > as you can see it is being placed into the correct view, and show parser > view on > telnet client confirms this. > > apreciate any comments.. > > thanks > > LR > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
