Thanks a huge lot Tyson. That worked a treat. So what is the purpose of those two command lines?

R2>telnet 4.4.4.4
Trying 4.4.4.4 ... Open

User Access Verification

Username: limited
Password:

R4>show parser view
Current view is 'limited'

**************

Debug output:

Aug 9 02:46:00.892: RADIUS/ENCODE(0000000E): ask "Username: "
Aug 9 02:46:00.892: RADIUS/ENCODE(0000000E): send packet; GET_USER
Aug 9 02:46:03.076: RADIUS/ENCODE(0000000E): ask "Password: "
Aug 9 02:46:03.076: RADIUS/ENCODE(0000000E): send packet; GET_PASSWORD
Aug 9 02:46:05.024: RADIUS/ENCODE(0000000E):Orig. component type = EXEC
Aug 9 02:46:05.024: RADIUS: AAA Unsupported Attr: interface [175] 6
Aug 9 02:46:05.024: RADIUS: 74 74 79 35 [tty5]
Aug 9 02:46:05.024: RADIUS/ENCODE(0000000E): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
Aug 9 02:46:05.024: RADIUS(0000000E): Config NAS IP: 4.4.4.4
Aug 9 02:46:05.024: RADIUS/ENCODE(0000000E): acct_session_id: 11
Aug 9 02:46:05.024: RADIUS(0000000E): sending
Aug 9 02:46:05.024: RADIUS(0000000E): Send Access-Request to 10.49.49.100:1645 id 1645/11, len 85
Aug 9 02:46:05.024: RADIUS: authenticator E2 EE D2 67 09 09 13 47 - FF DD 10 08 35 F7 FD 3C
Aug 9 02:46:05.024: RADIUS: User-Name [1] 9 "limited"
Aug 9 02:46:05.024: RADIUS: User-Password [2] 18 *
Aug 9 02:46:05.024: RADIUS: NAS-Port [5] 6 514
Aug 9 02:46:05.024: RADIUS: NAS-Port-Id [87] 8 "tty514"
Aug 9 02:46:05.024: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Aug 9 02:46:05.024: RADIUS: Calling-Station-Id [31] 12 "10.56.56.2"
Aug 9 02:46:05.024: RADIUS: NAS-IP-Address [4] 6 4.4.4.4
Aug 9 02:46:05.032: RADIUS: Received from id 1645/11 10.49.49.100:1645, Access-Accept, len 93
Aug 9 02:46:05.032: RADIUS: authenticator 15 61 33 0D 36 95 C6 BB - 70 D0 93 2F C1 E3 2C 9A
Aug 9 02:46:05.032: RADIUS: Framed-IP-Address [8] 6 255.255.255.255
Aug 9 02:46:05.032: RADIUS: Vendor, Cisco [26] 35
Aug 9 02:46:05.032: RADIUS: Cisco AVpair [1] 29 "shell:cli-view-name=limited"
Aug 9 02:46:05.032: RADIUS: Service-Type [6] 6 NAS Prompt [7]
Aug 9 02:46:05.032: RADIUS: Class [25] 26
Aug 9 02:46:05.032: RADIUS: 43 41 43 53 3A 30 2F 35 33 30 33 36 2F 34 30 34 [CACS:0/53036/404]
Aug 9 02:46:05.032: RADIUS: 30 34 30 34 2F 35 31 34 [0404/514]
Aug 9 02:46:05.032: RADIUS(0000000E): Received from id 1645/11

On Mon, Aug 8, 2011 at 7:29 PM, Tyson Scott <[email protected]> wrote:

> Remove what you have in red. Do debug radius authentication. See why it
> is saying it is failing.
>
> On Mon, Aug 8, 2011 at 9:54 PM, Mark Senteza <[email protected]> wrote:
>
>> Hey all,
>>
>> I'm trying to configure CLI Views using RADIUS, but can't get it to work. I
>> authenticate fine, but the CLI View is never applied. What am I doing wrong?
>>
>> My ACS User configuration is:
>>
>> Username: limited
>> password: cisco
>>
>> Cisco IOS/PIX 6.x RADIUS Attributes
>>
>> [x] [009/001] cisco-av-pair
>> shell:cli-view-name=limited
>>
>> IETF RADIUS Attributes
>>
>> [x] Service-Type "NAS Prompt" selected from the drop-down listbox
>>
>> ******************
>>
>> My router configuration is:
>>
>> enable secret cisco
>>
>> aaa new-model
>>
>> aaa authentication login CONSOLE none
>> aaa authentication login VTY group radius
>>
>> aaa authorization exec CONSOLE none
>> aaa authorization exec VTY group radius
>>
>> *radius-server attribute 6 mandatory*
>> <- Is this a prerequisite command for CLI Views with Radius
>> radius-server host 10.49.49.100 auth-port 1645 acct-port 1646
>> radius-server key cisco
>> *radius-server vsa send authentication*
>> <- Is this a prerequisite command for CLI Views with Radius
>>
>> ip radius source-interface Loopback0
>>
>> line vty 0 4
>>  password ciscoccie
>>  authorization exec VTY
>>  login authentication VTY
>>
>> parser view limited
>>  secret 5 $1$i0td$AjMze0pO6bfxePI936yKr.
>>  commands exec include show ip interface brief
>>  commands exec include show ip interface
>>  commands exec include show ip
>>  commands exec include show clock
>>  commands exec include show version
>>  commands exec include show logging
>>  commands exec include show
>>
>> *****************
>>
>> R4#show parser view
>> Current view is 'root'
>>
>> I'm not sure if this IOS version is supported, but I'm using 12.4(24)T
>> Advanced Enterprise Services
>>
>> R4#show version
>> Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version
>> 12.4(24)T, RELEASE SOFTWARE (fc1)
>> System image file is "flash:c2800nm-adventerprisek9-mz.124-24.T.bin"
>>
>> *****************
>> When I telnet from another router to R4 (cli view enabled router), the cli
>> view is not set on the user
>>
>> R2#telnet 10.56.56.4
>> Trying 10.56.56.4 ... Open
>>
>>
>> User Access Verification
>>
>> Username: limited
>> Password:
>>
>> R4>en
>> Password:
>> R4#show parser view
>> No view is active ! Currently in Privilege Level Context
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
>>
>> Are you a CCNP or CCIE and looking for a job? Check out
>> www.PlatinumPlacement.com
>>
>
>
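Added example, not part of the original thread: a small Python parser for `debug radius authentication` output like the capture in the reply above, which reports the CLI view and Service-Type carried by the Access-Accept so you can tell whether the server returned the view at all. The sample log is constructed in the thread's format, and the function names are hypothetical.

```python
import re

# Constructed sample, in the format of the debug output quoted in this thread.
SAMPLE = """\
Aug 9 02:46:05.024: RADIUS(0000000E): Send Access-Request to 10.49.49.100:1645 id 1645/11, len 85
Aug 9 02:46:05.024: RADIUS: User-Name [1] 9 "limited"
Aug 9 02:46:05.024: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Aug 9 02:46:05.032: RADIUS: Received from id 1645/11 10.49.49.100:1645, Access-Accept, len 93
Aug 9 02:46:05.032: RADIUS: Vendor, Cisco [26] 35
Aug 9 02:46:05.032: RADIUS: Cisco AVpair [1] 29 "shell:cli-view-name=limited"
Aug 9 02:46:05.032: RADIUS: Service-Type [6] 6 NAS Prompt [7]
"""

# A packet header line names the RADIUS code; attribute lines carry "[type] length value".
PACKET = re.compile(r"RADIUS(?:\(\w+\))?: .*\b(Access-(?:Request|Accept|Reject|Challenge))\b")
ATTR = re.compile(r"RADIUS:\s+(?P<name>[A-Za-z][\w ,-]*?)\s+\[(?P<type>\d+)\]\s+(?P<len>\d+)\s*(?P<value>.*)$")
VIEW_PREFIX = "shell:cli-view-name="


def parse_packets(text):
    """Group attribute lines under the Access-* packet they follow."""
    packets = []
    for line in text.splitlines():
        m = PACKET.search(line)
        if m:
            packets.append({"code": m.group(1), "attrs": []})
            continue
        m = ATTR.search(line)
        if m and packets:
            # Drop the trailing enum number ("NAS Prompt [7]") and surrounding quotes.
            value = re.sub(r"\s*\[\d+\]$", "", m["value"].strip()).strip('"')
            packets[-1]["attrs"].append((m["name"], int(m["type"]), value))
    return packets


def exec_authorization(packets):
    """Return (view, service_type) from the last Access-Accept, or (None, None)."""
    view = service = None
    for p in packets:
        if p["code"] != "Access-Accept":
            continue
        view = service = None
        for name, _type, value in p["attrs"]:
            if name == "Cisco AVpair" and value.startswith(VIEW_PREFIX):
                view = value[len(VIEW_PREFIX):]
            elif name == "Service-Type":
                service = value
    return view, service


if __name__ == "__main__":
    print(exec_authorization(parse_packets(SAMPLE)))
```

A result of `(None, ...)` means the Access-Accept did not carry the view AV-pair, which points at the RADIUS server profile rather than the router configuration.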
