Resolution | - Create the RSA RADIUS client for a Cisco network device. In the Security Console.
- Click RADIUS > RADIUS Clients > Add New.
- Important: For the Make/Model option select Cisco IOS 11.1 or later.
- Complete the form and click Save with associated agent. .
- Click Save.
- In the Security Console, click RADIUS > RADIUS Profiles > Add New.
- Create a RADIUS profile, selecting the Return List attribute of Cisco-AVPAIR then configure the value with shell:priv-lvl=<integer between 1 to 15>. The administrative attribute for Read-Write should be either
- The av-pair, that is shell:priv-lvl=15
or
- The attribute for read-only can be the av-pair shell:priv-lvl=1
Note that the priv-lvl value ranges from 1 to 15 depending on your router enable privilege config.
The 15 represents full admin access into the Cisco device and the lower values represent a lesser privilege than 15/full admin access.
- In the Security Console, click RADIUS > RADIUS Profiles > Manage Existing and select the profile from the context menu.
- Select Associated Users.
- Click Assign to More.
- Search for the users to link to this profile and select them.
- Click Assign Profile.
- Verify authentication with the user ID.
|