Posted on June 23, 2021 8:59 pm
 |  Asked by Wayne Hahn
Print Friendly, PDF & Email

Does anyone have a Radius login that puts the user in privilege mode? Trying setup users so they can SCP files and upload new versions. If we set the users authorization as local we can SCP when the user privilege is 15.

Currently have

aaa authentication login default group radius local

aaa authorization exec default group radius local


Have tried Arista-AVPair combinations on the vendor attribute.

Arista-AVPair =”shell:priv-lvl=15,shell:roles=network-admin”

Also tried each separately.

Arista-AVPair =”shell:priv-lvl=15″

Arista-AVPair =”shell:roles=network-admin”

Posted by Wayne Hahn
Answered on June 23, 2021 10:59 pm

I guess i just solved it my problem was bad formatting in my radius Dictionary. It should look like this

VENDOR Arista 30065
BEGIN-VENDOR Arista ATTRIBUTE Arista-AVPair 1 string

All you need to send it he reply is.

Arista-AVpair = "shell:priv-lvl=15"

Hope this helps someone down the road.

Post your Answer

You must be logged in to post an answer.