Cisco Cisco IOS Software Release 15.1(3)T Instruções Importantes De Segurança
Cisco−AVPair = "shell:priv−lvl=15"
In order to restart FreeRADIUS, enter:
# sudo /etc/init.d/freeradius restart
6.
In order to change the DEFAULT user group in the user's file in order to give all users who are
members of cisco−rw a privilege level of 15, enter:
members of cisco−rw a privilege level of 15, enter:
DEFAULT Group == cisco−rw, Auth−Type = System
Service−Type = NAS−Prompt−User,
cisco−avpair :="shell:priv−lvl=15"
7.
You can add other users at different privilege levels as needed in the FreeRADIUS users file. For
example, this user (life) is given a level of 3 (system maintenance):
example, this user (life) is given a level of 3 (system maintenance):
sudo nano/etc/freeradius/users
life Cleartext−Password := "testing"
Service−Type = NAS−Prompt−User,
Cisco−AVPair = "shell:priv−lvl=3"
Restart the FreeRADIUS service:
sudo /etc/init.d/freeradius restart
8.
Note: The configuration in this document is based on FreeRADIUS run on Ubuntu 12.04 LTE and 13.04.
Verify
In order to verify the configuration on the switch, use these commands:
switch# show run | in radius (Show the radius configuration)
switch# show run | in aaa (Show the running AAA configuration)
switch# show startup−config Radius (Show the startup AAA configuration in
start−up configuration)
Troubleshoot
There is currently no specific troubleshooting information available for this configuration.
Related Information
FreeRADIUS
•
Technical Support & Documentation − Cisco Systems
•
Updated: Jul 11, 2013
Document ID: 116291