Hey all, I'm trying to configure CLI Views using RADIUS, but cant get it to work. I authenticate fine, but the CLI View is never applied. What am I doing wrong?
My ACS User configuration is: Username: limited password: cisco Cisco IOS/PIX 6.x RADIUS Attributes [x] [009/001] cisco-av-pair shell:cli-view-name=limited IETF RADIUS Attributes [x] Service-Type "NAS Prompt" selected from the drop-down listbox ****************** My router configuration is: enable secret cisco aaa new-model aaa authentication login CONSOLE none aaa authentication login VTY group radius aaa authorization exec CONSOLE none aaa authorization exec VTY group radius *radius-server attribute 6 mandatory* <- Is this a prerequisite command for CLI Views with Radius radius-server host 10.49.49.100 auth-port 1645 acct-port 1646 radius-server key cisco *radius-server vsa send authentication* <- Is this a prerequisite command for CLI Views with Radius ip radius source-interface Loopback0 line vty 0 4 password ciscoccie authorization exec VTY login authentication VTY parser view limited secret 5 $1$i0td$AjMze0pO6bfxePI936yKr. commands exec include show ip interface brief commands exec include show ip interface commands exec include show ip commands exec include show clock commands exec include show version commands exec include show logging commands exec include show ***************** R4#show parser view Current view is 'root' I'm not sure if this IOS version is supported, but I'm using 12.4(24)T Advanced Enterprise Services R4#show version Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(24)T, RELEASE SOFTWARE (fc1) System image file is "flash:c2800nm-adventerprisek9-mz.124-24.T.bin" ***************** When I telnet from another router to R4 (cli view enabled router), the cli view is not set on the user R2#telnet 10.56.56.4 Trying 10.56.56.4 ... Open User Access Verification Username: limited Password: R4>en Password: R4#show parser view No view is active ! Currently in Privilege Level Context
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
