No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


How to assign privilege level on CE5855 from NPS Radius ?

Publication Date:  2018-03-08 Views:  2291 Downloads:  0

Issue Description

Customer was using NPS Radius to authenticate the SSH users but he desired to know how to send the privilege level from the Microsoft NPS Radius.
He wanted to know which attribute can be used to set the level privilege for the users created on the Radius.
The configuration for SSH via Radius was working ok, but they got the users got the default level of privilege, 15.

radius server group group_radius
radius server shared-key-cipher ....

radius server authentication X.X.X.2 1812


user-name minimum-length 1

undo local-user policy security-enhance

local-user netadmin password irreversible-cipher ....

local-user netadmin service-type ssh

local-user netadmin level 3

local-user netman password irreversible-cipher.....

local-user netman service-type ssh

local-user netman level 3


authentication-scheme default


authentication-scheme test_aaa

authentication-mode local radius


authorization-scheme default


accounting-scheme default


domain default


domain default_admin



authentication-scheme test_aaa

radius server group group_radius


user-interface vty 0 4

authentication-mode aaa

protocol inbound ssh



I advised the customer to use this Radius atribute, but since it's Huawei proprietary attribute, the customer had to create the attribute for different vendors: 

In NPS, the attribute should be created like below, this is just an example with a Cisco attribute: 

After using this attribute the privilege level of the users created on Radius was changed accordingly.