Hi, you need whitspace before the service-type and cisco VSA lines after your auth line (they are reply items.....not check items) - if you run in debug mode (radiusd -X or freeradius -X on some distros) you can confirm from the output that the VSA/TLV are being sent to the client (switch).
if they are, and you are stil being dumped on the basic prompt then you need to revisit the cisco docs and ensure that you have all the required AAA lines in place to allow admin/enable access after login (ie if FreeRADIUS is sending the right stuff, then its a NAS configuration issue) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
