How To Manage Access To Cisco Devices Based On Active Directory Authentication

By Eng-Ahmed Mustafa

If you have several levels of administrators in your network and want to give them different privileges, using the local database on each Cisco device is not optimal. Instead, you can grant access based on authentication against the Active Directory database: the user logs in to the device with his or her normal user name and password and is then granted the privilege level that you assigned to his or her group.

Note that this lab is done using GNS3 and Windows Server 2008 R2.

The commands used on the Cisco router:

! Enable the AAA model
aaa new-model
!
! RADIUS server group used by the method lists below
aaa group server radius IAS
 server 192.168.1.50 auth-port 1812 acct-port 1813
!
! Named method lists: local database first, then the IAS group
aaa authentication login userAuthentication local group IAS
aaa authorization exec userAuthorization local group IAS if-authenticated
aaa authorization network userAuthorization local group IAS
aaa accounting exec default start-stop group IAS
aaa accounting system default start-stop group IAS
!
aaa session-id common
! RADIUS server definitions with the shared secret
radius-server host 192.168.1.50 auth-port 1645 acct-port 1646 key cisco
radius-server host 192.168.1.50 auth-port 1812 acct-port 1813 key cisco
!
! Make these show commands available at privilege level 1
privilege exec level 1 show config
privilege exec level 1 show ip interface brief
!
! Source RADIUS packets from this interface
ip radius source-interface fa0/0
!
! Apply the named method lists to all vty lines
line vty 0 4
 authorization exec userAuthorization
 login authentication userAuthentication
 transport input ssh telnet
!
line vty 5 15
 authorization exec userAuthorization
 login authentication userAuthentication
 transport input ssh telnet
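
Added example (not part of the original article): a small Python check that reads a configuration like the one above and reports method lists referenced on the vty lines but never defined, a server in the RADIUS group with no matching keyed radius-server host entry, and Telnet left enabled on a line. The function name audit and the embedded sample (a trimmed copy of the configuration above) are constructed for this illustration.

```python
import re

# Constructed sample: a trimmed copy of the router configuration shown above.
SAMPLE = """\
aaa new-model
aaa group server radius IAS
 server 192.168.1.50 auth-port 1812 acct-port 1813
aaa authentication login userAuthentication local group IAS
aaa authorization exec userAuthorization local group IAS if-authenticated
radius-server host 192.168.1.50 auth-port 1645 acct-port 1646 key cisco
radius-server host 192.168.1.50 auth-port 1812 acct-port 1813 key cisco
line vty 0 4
 authorization exec userAuthorization
 login authentication userAuthentication
 transport input ssh telnet
"""

def audit(config):
    """Return a list of findings for the AAA/RADIUS parts of an IOS config."""
    findings = []
    lines = [l.rstrip() for l in config.splitlines() if l.strip() not in ("", "!")]
    defined, hosts = set(), set()  # (list type, name) and (ip, auth-port, acct-port)
    for l in lines:
        m = re.match(r"aaa (authentication login|authorization exec) (\S+) ", l)
        if m:
            defined.add(m.groups())
        m = re.match(r"radius-server host (\S+) auth-port (\d+) acct-port (\d+) key \S+", l)
        if m:
            hosts.add(m.groups())
    section = ""  # most recent top-level command; indented lines belong to it
    for l in lines:
        if not l.startswith(" "):
            section = l
            continue
        s = l.strip()
        m = re.match(r"server (\S+) auth-port (\d+) acct-port (\d+)", s)
        if m and section.startswith("aaa group server radius") and m.groups() not in hosts:
            findings.append(f"{section}: no keyed radius-server host for {m.group(1)}:{m.group(2)}")
        m = re.match(r"(login authentication|authorization exec) (\S+)$", s)
        if m and section.startswith("line "):
            kind = "authentication login" if m.group(1).startswith("login") else "authorization exec"
            if m.group(2) != "default" and (kind, m.group(2)) not in defined:
                findings.append(f"{section}: {kind} list '{m.group(2)}' is not defined")
        if section.startswith("line ") and re.match(r"transport input\b.*\btelnet\b", s):
            findings.append(f"{section}: telnet enabled, credentials cross the network in cleartext")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```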