[c-nsp] c3560, priv-lvl=15, authorization level problem

Hegedus Gabor hegedus.gabor at euroway.hu
Thu Apr 2 04:36:35 EDT 2009


Hi all!

I have a problem:

I want to use aaa authentication with radius on a c3560; I am trying to 
authenticate my user to priv level 15.
The authentication is successful, but the user is only at level 1.

Radius sends back priv-lvl=15; I can see it in the radius debug.

The configurations of the radius and the switch are correct, because I 
have a c2960 with the same configuration, and the priv-level 15 
authentication works on it.

Here is my config sample:

aaa group server radius rad_group
 server *.*.*.* auth-port 1812 acct-port 1813

aaa authentication login method_line group rad_group local
aaa authentication enable default group rad_group enable
aaa authorization console
aaa authorization exec method_line if-authenticated group rad_group local
aaa session-id common

line vty 0 4
 authorization exec method_line
 login authentication method_line

radius-server attribute 6 on-for-login-auth
radius-server attribute 32 include-in-access-req
radius-server attribute 32 include-in-accounting-req
radius-server attribute 25 access-request include
radius-server host *.*.*.* auth-port 1812 acct-port 1813 key *

debug log:

Apr  2 10:29:54.547 MET: RADIUS: Received from id 1645/*.*.*.*:1812, Access-Accept, len 91
Apr  2 10:29:54.547 MET: RADIUS:  authenticator 96 55 55 96 42 75 94 F0 - 72 55 71 BA 55 51 35 D2
Apr  2 10:29:54.547 MET: RADIUS:  Unsupported         [87]  6
Apr  2 10:29:54.547 MET: RADIUS:   74 74 79 32                                      [tty2]
Apr  2 10:29:54.547 MET: RADIUS:  Service-Type        [6]   6   Administrative            [6]
Apr  2 10:29:54.547 MET: RADIUS:  Vendor, Cisco       [26]  25
Apr  2 10:29:54.547 MET: RADIUS:   Cisco AVpair       [1]   19  "shell:priv-lvl=15"
Apr  2 10:29:54.547 MET: RADIUS:  Reply-Message       [18]  34
Apr  2 10:29:54.547 MET: RADIUS:   0A 25 20 52 61 64 69 75 73 20 41 75 74 68 65 6E  [?? Radius Authen]
Apr  2 10:29:54.547 MET: RADIUS:   74 69 63 61 74 69 6F 6E 20 73 75 63 63 65 73 73  [tication success]
Apr  2 10:29:54.547 MET: RADIUS: saved authorization data for user 2430320 at 27437E8
Apr  2 10:29:54.547 MET: AAA/AUTHEN (971040830): status = PASS
Apr  2 10:29:54.547 MET: tty2 AAA/AUTHOR/EXEC (3224620906): Port='tty2' list='method_line' service=EXEC
Apr  2 10:29:54.547 MET: AAA/AUTHOR/EXEC: tty2 (3224620906) user='XXXXXX'
Apr  2 10:29:54.547 MET: tty2 AAA/AUTHOR/EXEC (3224620906): send AV service=shell
Apr  2 10:29:54.547 MET: tty2 AAA/AUTHOR/EXEC (3224620906): send AV cmd*
Apr  2 10:29:54.547 MET: tty2 AAA/AUTHOR/EXEC (3224620906): found list "method_line"
Apr  2 10:29:54.547 MET: tty2 AAA/AUTHOR/EXEC (3224620906): Method=IF_AUTHEN
Apr  2 10:29:54.547 MET: AAA/AUTHOR (3224620906): Post authorization status = PASS_ADD
Apr  2 10:29:54.547 MET: AAA/AUTHOR/EXEC: Authorization successful



Please help me, thank you!

br, Gabor
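
An added example, not part of the original post: a short Python script that reads IOS AAA/RADIUS debug output of the kind shown in the message and lists, side by side, the Cisco AV pair carried in the Access-Accept and the method each exec authorization request was resolved with. The sample lines are copied from the log in the post with the mail line wraps joined; the function and variable names are this example's own.

```python
import re

# Constructed sample: lines copied from the debug output in the post,
# with the e-mail line wraps joined so each log record is on one line.
SAMPLE = """\
Apr  2 10:29:54.547 MET: RADIUS:  Service-Type        [6]   6   Administrative            [6]
Apr  2 10:29:54.547 MET: RADIUS:   Cisco AVpair       [1]   19  "shell:priv-lvl=15"
Apr  2 10:29:54.547 MET: AAA/AUTHEN (971040830): status = PASS
Apr  2 10:29:54.547 MET: tty2 AAA/AUTHOR/EXEC (3224620906): Port='tty2' list='method_line' service=EXEC
Apr  2 10:29:54.547 MET: tty2 AAA/AUTHOR/EXEC (3224620906): Method=IF_AUTHEN
Apr  2 10:29:54.547 MET: AAA/AUTHOR (3224620906): Post authorization status = PASS_ADD
"""

# Patterns are written against the line shapes visible in the post only.
AVPAIR = re.compile(r'Cisco AVpair\s+\[1\]\s+\d+\s+"([^"=]+)=([^"]*)"')
AUTHEN = re.compile(r'AAA/AUTHEN \((\d+)\): status = (\w+)')
AUTHOR_LIST = re.compile(r"AAA/AUTHOR/EXEC \((\d+)\): .*list='([^']*)'")
METHOD = re.compile(r'AAA/AUTHOR/EXEC \((\d+)\): Method=(\w+)')
POST = re.compile(r'AAA/AUTHOR \((\d+)\): Post authorization status = (\w+)')

def summarize(log_text):
    """Collect the RADIUS AV pairs and, per authorization request id,
    the method list, the method actually used and the final status."""
    summary = {"avpairs": {}, "authen_status": None, "author": {}}
    for line in log_text.splitlines():
        if m := AVPAIR.search(line):
            summary["avpairs"][m.group(1)] = m.group(2)
        elif m := AUTHEN.search(line):
            summary["authen_status"] = m.group(2)
        elif m := AUTHOR_LIST.search(line):
            summary["author"].setdefault(m.group(1), {})["list"] = m.group(2)
        elif m := METHOD.search(line):
            summary["author"].setdefault(m.group(1), {})["method"] = m.group(2)
        elif m := POST.search(line):
            summary["author"].setdefault(m.group(1), {})["status"] = m.group(2)
    return summary

def report(summary):
    """Render the summary as one line per finding."""
    lines = [f"RADIUS AV pair: {k}={v}" for k, v in summary["avpairs"].items()]
    lines.append(f"authentication status: {summary['authen_status']}")
    for req, info in summary["author"].items():
        lines.append(f"exec authorization {req}: list={info.get('list')} "
                     f"method={info.get('method')} status={info.get('status')}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE))))
```
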

