Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


cisco routers users setup privileges through a radius server

Posted on 2015-02-19
Medium Priority
Last Modified: 2015-07-31
We have some users that will require additional privileges on cisco routers, like executing commands  such as no shut on an interface, etc. Is it possible to set specific privileges levels on a radius server and apply to users.
Question by:Shen
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2

Assisted Solution

askincakir earned 2000 total points
ID: 40620697

Mostly solution for your request is done by Cisco Tacacs+ server. There you can use command level permit actions.
But, here i am giving you some another cli level privilege enablements.
Just check and let me know is this what you need ?

Author Comment

ID: 40625727
Is there a way to setup a radius group named say:  "test" that belongs to example: domain users

then on the cisco device do :
aaa authentication login "test" group radius local

setup the privilege in the router :
Like example:   privilege exec level 1 show ip  
                            username group  "test" privilege 1
I am trying to avoid setting  users and passwords  in the router. Use radius to provide the users and authentication and assign the privilege exec level to a radius group "test"

Accepted Solution

askincakir earned 2000 total points
ID: 40628178

Which radius you are planning to use ?

Microsoft NPS ?

Cisco ACS ?

Author Comment

ID: 40649436

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A Wildcard Certificate means all of your sub-domains will resolve to the same location, regardless of the non-SSL Document-Root specification. A user will need to purchase a wildcard SSL from a vendor or a reseller that supplies them. Similar to ha…
So, you're experiencing issues on your network and you've decided that you need to perform some tests to determine whether your cabling is good.  You're likely thinking that you may need to spend money which you probably don't have on hiring/purchas…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question