Role-based view commands missing from config

Hi All,
I set up a 2960G with IOS 12.2(44)SE6 and created a role-based view to be used by our helpdesk.  One of the things they need to do is add rules to a MAC ACL on the switch.  I've successfully created a view for them and can include and exclude most commands, however, when I try to include the "commands mac-enacl include all permit" command, I get no syntax error, and there is no line in my configuration reflecting the change. As it stands, from the helpdesk view (named smco) I can get into MAC ACL configuration mode, but I can't issue any of the sub commands.
Any advice would be greatly appreciated.  I tried upgrading to 12.2(55)SE and had the same result.
The current configuration for the parser view is as follows:
parser view smco
secret 5 hashed_pw
commands configure include mac access-list extended
commands configure include all mac access-list
commands configure include mac
commands exec include configure terminal
commands exec include configure

After I issue the command "commands mac-enacl include all permit" there is no line in my startup or running configuration that says: "commands mac-enacl include all permit" or anything that closely resembles that.
I've tested with multiple local accounts.  After authenticating, I issue the "enable view smco".
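
One way to catch a view command that the switch accepted without storing, as described in the post above, is to compare the `commands` lines you meant to configure with what the saved configuration actually holds. This is an added example, not part of the original post; the sample config is constructed from the post's smco view, and the function names are hypothetical.

```python
import re

# One statement inside a "parser view" block, e.g.
#   commands configure include all mac access-list
COMMANDS_RE = re.compile(
    r"^commands\s+(?P<mode>\S+)\s+"
    r"(?P<action>include-exclusive|include|exclude)\s+"
    r"(?P<all>all\s+)?(?P<command>.+)$"
)


def _key(match):
    """Normalised identity of a view statement: mode, action, 'all' flag, command."""
    return (match["mode"], match["action"], bool(match["all"]), match["command"])


def parse_parser_views(config_text):
    """Return {view_name: set of (mode, action, all_flag, command)}."""
    views = {}
    current = None
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # drop indentation and repeated spaces
        if not line or line.startswith("!"):
            continue  # blank lines and comment lines carry no statements
        header = re.match(r"^parser view (\S+)", line)
        if header:
            current = views.setdefault(header.group(1), set())
            continue
        if current is None:
            continue
        statement = COMMANDS_RE.match(line)
        if statement:
            current.add(_key(statement))
        elif not line.startswith(("secret ", "view ")):
            current = None  # any other statement ends the view block
    return views


def missing_view_commands(config_text, view, intended_lines):
    """Return the intended 'commands ...' lines that the config does not contain."""
    have = parse_parser_views(config_text).get(view, set())
    missing = []
    for text in intended_lines:
        statement = COMMANDS_RE.match(" ".join(text.split()))
        if statement is None:
            raise ValueError(f"not a view 'commands' line: {text!r}")
        if _key(statement) not in have:
            missing.append(text)
    return missing


# Constructed sample: the smco view as shown in the post, followed by an
# unrelated statement so the parser has a block boundary to find.
SAMPLE_CONFIG = """\
parser view smco
 secret 5 hashed_pw
 commands configure include mac access-list extended
 commands configure include all mac access-list
 commands configure include mac
 commands exec include configure terminal
 commands exec include configure
!
line vty 0 4
 transport input ssh
"""

# What the administrator meant the view to contain after the change.
INTENDED = [
    "commands configure include all mac access-list",
    "commands exec include configure terminal",
    "commands mac-enacl include all permit",
]

if __name__ == "__main__":
    for line in missing_view_commands(SAMPLE_CONFIG, "smco", INTENDED):
        print("not stored in view smco:", line)
```

Running the same comparison against both the running and the startup configuration after every view change turns a silent drop into a visible finding.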

Similar Messages

  • Privileges and Roles Based Views

    Hello,
    I have been configuring Roles based Views with Windows radius authentication on our 2960's and 3750's and it is working great.  I have 2 users, one with a Roles Base View called "priv3" and the other is for admins of login as the "root" view.  I have one Windows Active Directory group for "priv3" users and the other for admins using "root".
    Now I have to configure this on our 2955 switches and to my horror they don't seem to support Roles Based Views!!  If you know if they can then all this would be solved, I'm using the latest IOS c2955-i6k2l2q4-mz.121-22.EA13.bin.
    How can I convert the Roles Base Views to privileges and use radius and not affect the other switches, as I've never used privileges.
    I hope someone can help with the config:
    Below is the config I use on the 2960's and 3750's and also what I use on the radius servers.  I guess I would need to use a priv 15 setup and a custom view called priv3?
    Priv3 radius user settings
    cisco av-pair cli-view-name=priv3
    Priv 15 or root user settings
    cisco av-pair shell:priv-lvl=15
    cisco av-pair shell:cli-view-name=root
    Config:
    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname 3750
    boot-start-marker
    boot-end-marker
    logging buffered 64000
    logging console informational
    logging monitor informational
    enable secret 5 $1$1UGK$kHB.S2UwMVXaG3C0
    username admin privilege 15 secret 5 $1$BsaS$cLHllovL2ZFb1
    username priv3users view priv3 secret 5 $1$JfnH$vUu.B.natnyB.
    aaa new-model
    aaa authentication login default group radius local
    aaa authentication enable default line
    aaa authorization console
    aaa authorization exec default group radius local
    aaa session-id common
    clock timezone GMT 0
    clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 3:00
    switch 1 provision ws-c3750g-12s
    switch 2 provision ws-c3750g-12s
    system mtu routing 1500
    udld aggressive
    no ip domain-lookup
    ip domain-name CB-DI
    login on-failure log
    login on-success log
    crypto pki trustpoint TP-self-signed-3817403392
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-3817403392
    revocation-check none
    rsakeypair TP-self-signed-3817403392
    crypto pki certificate chain TP-self-signed-3817403392
    certificate self-signed 01
      removed
      quit
    archive
    log config
      logging enable
      logging size 200
      notify syslog contenttype plaintext
      hidekeys
    spanning-tree mode rapid-pvst
    spanning-tree extend system-id
    spanning-tree vlan 10 priority 8192
    vlan internal allocation policy ascending
    ip ssh version 2
    interface GigabitEthernet1/0/1
    interface GigabitEthernet1/0/24
    interface Vlan1
    description ***Default VLAN not to be used***
    no ip address
    no ip route-cache
    no ip mroute-cache
    shutdown
    interface Vlan10
    description ****
    ip address 10.10.150.11 255.255.255.0
    no ip route-cache
    no ip mroute-cache
    ip default-gateway 10.10.150.1
    ip classless
    no ip http server
    ip http secure-server
    logging trap notifications
    logging facility local4
    logging source-interface Vlan10
    logging 10.10.21.8
    logging 172.23.1.3
    access-list 23 permit 10.10.1.65
    snmp-server community transm1t! RO
    snmp-server trap-source Vlan10
    radius-server host 10.10.1.33 auth-port 1645 acct-port 1646 key 7 090D7E080D37471E48
    radius-server host 10.10.1.34 auth-port 1645 acct-port 1646 key 7 08607C4F1D2B551B51
    radius-server vsa send accounting
    radius-server vsa send authentication
    line con 0
    exec-timeout 60 0
    logging synchronous
    line vty 0 4
    access-class 23 in
    exec-timeout 60 0
    logging synchronous
    transport input ssh
    line vty 5 14
    access-class 23 in
    no exec
    transport input ssh
    parser view priv3
    secret 5 $1$XSCo$feyS.YaFlakfGYUgKHO/
    ! Last configuration change at 16:34:56 BST Fri Apr 13 2012
    commands interface include shutdown
    commands interface include no shutdown
    commands interface include no
    commands configure include interface
    commands exec include configure terminal
    commands exec include configure
    commands exec include show ip interface brief
    commands exec include show ip interface
    commands exec include show ip
    commands exec include show arp
    commands exec include show privilege
    commands exec include show interfaces status
    commands exec include show interfaces Vlan10 status
    commands exec include show interfaces Vlan1 status
    commands exec include show interfaces GigabitEthernet2/0/12 status
    commands exec include show interfaces GigabitEthernet2/0/11 status
    commands exec include show interfaces GigabitEthernet2/0/10 status
    commands exec include show interfaces GigabitEthernet2/0/9 status
    commands exec include show interfaces GigabitEthernet2/0/8 status
    commands exec include show interfaces GigabitEthernet2/0/7 status
    commands exec include show interfaces GigabitEthernet2/0/6 status
    commands exec include show interfaces GigabitEthernet2/0/5 status
    commands exec include show interfaces GigabitEthernet2/0/4 status
    commands exec include show interfaces GigabitEthernet2/0/3 status
    commands exec include show interfaces GigabitEthernet2/0/2 status
    commands exec include show interfaces GigabitEthernet2/0/1 status
    commands exec include show interfaces GigabitEthernet1/0/12 status
    commands exec include show interfaces GigabitEthernet1/0/11 status
    commands exec include show interfaces GigabitEthernet1/0/10 status
    commands exec include show interfaces GigabitEthernet1/0/9 status
    commands exec include show interfaces GigabitEthernet1/0/8 status
    commands exec include show interfaces GigabitEthernet1/0/7 status
    commands exec include show interfaces GigabitEthernet1/0/6 status
    commands exec include show interfaces GigabitEthernet1/0/5 status
    commands exec include show interfaces GigabitEthernet1/0/4 status
    commands exec include show interfaces GigabitEthernet1/0/3 status
    commands exec include show interfaces GigabitEthernet1/0/2 status
    commands exec include show interfaces GigabitEthernet1/0/1 status
    commands exec include show interfaces Null0 status
    commands exec include show interfaces
    commands exec include show configuration
    commands exec include show
    commands configure include interface GigabitEthernet1/0/1
    commands configure include interface GigabitEthernet1/0/2
    commands configure include interface GigabitEthernet1/0/3
    commands configure include interface GigabitEthernet1/0/4
    commands configure include interface GigabitEthernet1/0/5
    commands configure include interface GigabitEthernet1/0/6
    commands configure include interface GigabitEthernet1/0/7
    commands configure include interface GigabitEthernet1/0/8
    commands configure include interface GigabitEthernet1/0/9
    commands configure include interface GigabitEthernet1/0/10
    commands configure include interface GigabitEthernet1/0/11
    commands configure include interface GigabitEthernet1/0/12
    commands configure include interface GigabitEthernet2/0/1
    commands configure include interface GigabitEthernet2/0/2
    commands configure include interface GigabitEthernet2/0/3
    commands configure include interface GigabitEthernet2/0/4
    commands configure include interface GigabitEthernet2/0/5
    commands configure include interface GigabitEthernet2/0/6
    commands configure include interface GigabitEthernet2/0/7
    commands configure include interface GigabitEthernet2/0/8
    commands configure include interface GigabitEthernet2/0/9
    commands configure include interface GigabitEthernet2/0/10
    commands configure include interface GigabitEthernet2/0/11
    commands configure include interface GigabitEthernet2/0/12
    ntp logging
    ntp clock-period 36028961
    ntp server 10.10.1.33
    ntp server 10.10.1.34
    end
    Thanks!!!!

    DBelt --
    Hopefully this example suffices.
    Setup
    SQL> CREATE USER test IDENTIFIED BY test;
    User created.
    SQL> GRANT CREATE SESSION TO test;
    Grant succeeded.
    SQL> GRANT CREATE PROCEDURE TO test;
    Grant succeeded.
    SQL> CREATE ROLE test_role;
    Role created.
    SQL> GRANT CREATE SEQUENCE TO test_role;
    Grant succeeded.
    SQL> GRANT test_role TO test;
    logged on as Test
    SQL> CREATE OR REPLACE PACKAGE definer_rights_test
      2  AS
      3          PROCEDURE test_sequence;
      4  END definer_rights_test;
      5  /
    Package created.
    SQL> CREATE OR REPLACE PACKAGE BODY definer_rights_test
      2  AS
      3          PROCEDURE test_sequence
      4          AS
      5          BEGIN
      6                  EXECUTE IMMEDIATE 'CREATE SEQUENCE test_seq';
      7          END;
      8  END definer_rights_test;
      9  /
    Package body created.
    SQL> CREATE OR REPLACE PACKAGE invoker_rights_test
      2  AUTHID CURRENT_USER
      3  AS
      4          PROCEDURE test_sequence;
      5  END invoker_rights_test;
      6  /
    Package created.
    SQL> CREATE OR REPLACE PACKAGE BODY invoker_rights_test
      2  AS
      3          PROCEDURE test_sequence
      4          AS
      5          BEGIN
      6                  EXECUTE IMMEDIATE 'CREATE SEQUENCE test_seq';
      7          END;
      8  END invoker_rights_test;
      9  /
    Package body created.
    SQL> EXEC definer_rights_test.test_sequence;
    BEGIN definer_rights_test.test_sequence; END;
    ERROR at line 1:
    ORA-01031: insufficient privileges
    ORA-06512: at "TEST.DEFINER_RIGHTS_TEST", line 7
    ORA-06512: at line 1
    SQL> EXEC invoker_rights_test.test_sequence;
    PL/SQL procedure successfully completed.
    SQL> SELECT test_seq.NEXTVAL from dual;
                 NEXTVAL
                       1

  • "File" and "View" are missing from the ribbon in Excel, MS Office 2011, please help!

    "File" and "View" are missing from the ribbon in Excel, I'm running MS Office 2010.  Please help!

    Post your question on the MS Mac forums as it's their software you're having issues with:  http://answers.microsoft.com/en-us/mac?auth=1

  • Custom security JHeadstart 11gTP1 -Use Role-based Authorization is missing

    In JHeadstart 11g TP1 the option Use Role-based Authorization is missing.
    Will this option only be available in the production release of JHeadstart 11g? What is the reason why this is missing? Is it still possible to use CUSTOM authorization in JHeadstart 11g TP1?

    It is not missing.
    If you turn on custom authorization, you can specify your own roles against groups to access them, and use role names in the insert allowed/update allowed and delete allowed expressions.
    Steven Davelaar,
    JHeadstart Team.

  • "show in itunes store" command missing from video library

    updated to itunes 11.1, and ios7.
    This isn't a pro or con diatribe, just a list of the minorish bugs that i have noticed:
    First (probable?) bug:
    With the latest update, the (control click) "show in itunes store" command is missing from all video layouts (unwatched, shows, genres) except "list".
    I assume this is just a temporary bug, as it limits easy access to purchasable store content.
    This is especially important since "check for available downloads", while still around, has been, as far as i can tell, completely nonfunctional for months.
    I now have all my email notifications for passes turned on, and just manually click on the emails to download new content.
    However, especially for shows with extra content, sometimes the email doesn't download the actual show, just the extra content.
    for this reason, and for non pass shows, and just for general shopping and impulse buys, I liked to use the "show in itunes store" to easily check shows that i am currently interested in.
    except that now it is gone.
    Another (probable) bug:
    I have a lot of purchased content, so i have the cloud turned off to control the flow of menu information.  i don't need to see everything i have purchased all the time, only the newest shows that i actually have loaded onto the ipad.  I still just load in the shows i want to watch from my main computer after i have downloaded them from apple to the hard drive, which i guess is now a bit old fashioned.  ios7 doesn't seem to like this very much, as it initially displays the cloud content when opening the "video" app, before blanking and replacing it with the edited down version. But the real bug is this:
    Now when i delete a video on the ipad, it crashes the "video" app.
    And, instead of recognizing the delete when i sync to the computer, it ignores it and reloads the video onto the ipad.
    ......And finally:
    There is still a tendency for the ipad and itunes to throw up the "sign in" pop up, often multiple times in a row, anywhere and for no reason, even when i am already signed in. Sometimes i can just hit "cancel" and it disappears, other times it forces me to retype my password.  It's gotten a lot better and less frequent than when it first started earlier this year, but it's still around. 
    Having said this, I'm still, of course, a huge fan of the change earlier this year that keeps track of purchases and allows me redownload, instead of the old "lose it and its gone, tough luck" policy. 

    Ha.  Maybe it's just me then.  When i control click on a show, i'm getting:
    In Library/TV Shows:  Unwatched, Shows, and Genres:
    play "[show]"
    mark as watched
    mark as unwatched
    [depending on blue dot]
    get info
    rating
    show description
    show in finder
    reset plays
    show in playlist
    copy
    as opposed to, in List (and everywhere else):
    play "[show]"
    mark as watched
    mark as unwatched
    [depending on blue dot]
    get info
    rating
    show description
    show in finder
    show in itunes store
    get album artwork
    reset plays
    consolidate files
    new playlist from selection
    add to playlist
    show in playlist
    copy
    delete
    uncheck selection
    apply sort field
    I have my sidebar turned on, but it doesn't seem to make a difference if it is showing or not.
    I looked around in settings, view, and window for a way to modify the control click menu, but couldn't find anything.
    It's a very minor issue.
    If your menu is working, maybe I just need to delete my copy of itunes and reinstall.  Or change a setting somewhere.

  • Why is the "Send to iDVD" command missing from the share menu in iPhoto 9.4.3 when trying to send a slideshow to iDVD?

    How come the "Send to iDVD" command is missing from the share menu? In iPhoto I used to be able to send my slideshows to iDVD simply by clicking on the slideshow, selecting the "Share" menu at the top and going to "Send to iDVD". Now in iPhoto 9.4.3 that option is missing.
    Further, I am also using iDVD 7.1.2 and running OSX version 10.8.3.
    Thanks!

    Export the slideshow via the Export button at the bottom of the slideshow window with Size = Medium or Large.
    Open iDVD, choose a theme and drag the exported movie file to the menu window being careful to avoid any drop zones.
    Follow this workflow to help ensure the best quality video DVD:
    Once you have the project as you want it save it as a disk image via the  File ➙ Save as Disk Image  menu option.  This will separate the encoding process from the burn process. 
    To check the encoding mount the disk image and launch DVD Player and play it.  If it plays OK with DVD Player the encoding was good.
    Then burn to disk with Disk Utility or Toast at the slowest speed available (2x-4x) to assure the best burn quality.  Always use top quality media:  Verbatim, Maxell or Taiyo Yuden DVD-R are the most recommended in these forums.
    OT

  • Team Viewer is missing from the Business Package

    We are using ESS And MSS Business Package for ERP 2004 - But it seems that Team Viewer is missing.
    I understand it is part of an older version of Business Packager.
    But how can we implement it for BP for ERP 2004?

    It's not in the BP for MSS for ECC5. You have to do a blended BP approach. You will need to install the earlier BP as well and then customize your MSS role to include the My Staff portions you need (like the Employee information screen that uses the Team Viewer). This is due to the fact that not all services had been ported over to WebDynpro for Java as of the ECC5 business package. There are SEVERAL other posts in here about doing it this way. Hope this helps.

  • Command shortcut from config-if to config ?

    Hi, is there any shortcut to go from 'config-if' back to 'config'.
    All I can seem to manage is "ex".
    When I use CTRL-C, it takes me right out of config mode, but all I want to do is go back to general config mode ?
    Is there anything better ?
    Thanks kindly.

    Hello,
    I mean, you can configure for example an IP route while being inside an interface, the gotcha is that you cannot use any help or the tab completion.
    Ex:
    R1(config)#interface  loo
    R1(config)#interface  loopback  1
    R1(config-if)#ip add 4.4.4.4
    *Mar  1 00:00:15.951: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up
    R1(config-if)#ip add 4.4.4.4 255.255.255.0
    R1(config-if)#ip route 0.0.0.0 0.0.0.0 loo 1
    R1(config)#
    As you can see I did not need to go to config mode but again you will need to know the command from the top of your head
    Is that or using exit (No such a command as the top from the Junos box; unless running the nx-os as Colling mentioned)
    Rate all of the helpful posts!!!
    Regards,
    Jcarvaja
    Follow me on http://laguiadelnetworking.com

  • Encapsulation dot1q command missing from C2600 Router

    According to what I've read the encapsulation dot1q command was implemented in version 12.0. I have 12.2 but when I create a sub interface the encapsulation command is not available.
    What am I missing !!!
    Here is the show version info from my router
    Cisco Internetwork Operating System Software
    IOS (tm) C2600 Software (C2600-I-M), Version 12.2(8)T5, RELEASE SOFTWARE (fc1)
    TAC Support: http://www.cisco.com/tac
    Copyright (c) 1986-2002 by cisco Systems, Inc.
    Compiled Fri 21-Jun-02 08:50 by ccai
    Image text-base: 0x80008074, data-base: 0x80A2BD40
    ROM: System Bootstrap, Version 12.2(7r) [cmong 7r], RELEASE SOFTWARE (fc1)
    Health_Clinic uptime is 35 minutes
    System returned to ROM by reload at 11:44:42 pacific Thu Aug 11 2005
    System restarted at 11:45:48 pacific Thu Aug 11 2005
    System image file is "flash:c2600-i-mz.122-8.T5.bin"
    cisco 2621XM (MPC860P) processor (revision 0x100) with 27648K/5120K bytes of memory.
    Processor board ID JAD07110MDR (2342712827)
    M860 processor: part number 5, mask 2
    Bridging software.
    X.25 software, Version 3.0.0.
    2 FastEthernet/IEEE 802.3 interface(s)
    2 Serial network interface(s)
    32K bytes of non-volatile configuration memory.
    16384K bytes of processor board System flash (Read/Write)
    Configuration register is 0x2102

    You need smartnet coverage on the router to get access to CCO to download the software that you are looking for. You will need to associate the smartnet contract number with a login name (CCO login) that you can sign up at
    http://tools.cisco.com/RPF/register/register.do

  • Cisco Role based views

    Hello,
    I want to set up the following - a CLI view that will restrict different users when they login using telnet or ssh.
    Now for this I have enabled AAA, and also created two views, one for Guest and one for ADMIN.
    I then have set up secret passwords for each view. Now i want user name adam to access view GUEST and username DON to access ADMIN view.
    Is this possible?
    Thanks,                  


  • Sudo command missing from Terminal app

    Here is a screenshot that shows missing sudo command.  How do I restore it?  I am not a linux expert, so please keep the answer simple!!

    It's not missing, it simply cannot determine if your user is allowed to sudo since it can't find any sources. This is usually an indication of a corrupt installation.
    Linc Davis offers more insight in this post:
    sudo: unable to stat /etc/sudoers: No such file or directory sudo: no valid sudoers sources found, quitting

  • Exchange Powershell Commands Missing from EMS

    I just performed a fresh install of Exchange 2013 w/ SP1 on Windows 2012 Standard R2 which is also a domain controller in an organization that already has an Exchange 2010 server (on a separate server). When I launch the Exchange Management Shell and attempt to run "Get-ExchangeServer" I get the error "The term 'Get-ExchangeServer' is not recognized as the name of a cmdlet, function, script file, or operable program..." I see that \\HKLM\SOFTWARE\Microsoft\PowerShell\1\PowerShellSnapIns\Microsoft.Exchange.Management.PowerShell.SnapIn is loading the module name "D:\Program Files\Microsoft\Exchange\bin\Microsoft.Exchange.PowerShell.Configuration.dll" (which is the correct path to that file).
    I've restarted the server twice and have the same issue. Also tried doing an unattended install of just the Management Tools since using the setup GUI didn't give me the option of uninstalling and reinstalling the Management Tools since the checkbox is greyed out. I searched the ExchangeSetup log for errors and didn't find any.
    How do I get the Exchange Management Shell to register the Exchange Powershell commands? Do I need to uninstall Exchange and Re-Install?

    Open Powershell as Administrator.
    1. Add-Pssnapin *Setup*
    2. Install-CannedRbacRoleAssignments -InvocationMode Install -verbose
    3. Install-CannedRbacRoleAssignmentSRAP -InvocationMode Install -verbose
    4. Install-CannedRbacRoles -InvocationMode Install -verbose
    Try the above commands and let me know if that helps
    If that doesn't, can you run the below command and reply back with the output
    Get-Command |?{$_.Name -like "Get-Exchange*"}
    ***VOTE IF HELPFUL / MARK ANSWER IF ANSWERS ***
    Pavan Maganti ~ ( Exchange | 2003/2007/2010/E15(2013)) ~~ Please remember to click “Vote As Helpful" if it really helps and "Mark as Answer” if it answers your question, “Unmark as Answer” if a marked post does not actually answer your
    question. ~~ This Information is provided is "AS IS" and confers NO Rights!!

  • Newgrp command missing from Apple's implementation of x11

    Hi,
    Please excuse me if I've sent this to the wrong forum. I'm new to the Apple discussion groups.
    It seems as if Apple has left the newgrp command out of their x11 implementation (this is not specific to hardware and I've seen this in both Tiger & Leopard). I have several groups established on my Macbook Pro and need to change between them in my shell. Can someone tell me how to do this?

    Challenger14 wrote:
    Hi,
    Please excuse me if I've sent this to the wrong forum. I'm new to the Apple discussion groups.
    Welcome to Apple Discussions:
    Yes, our Unix forum is carefully and well hidden
    Here's the link to said forum:
    http://discussions.apple.com/forum.jspa?forumID=735
    It seems as if Apple has left the newgrp command out of their x11 implementation (this is not specific to hardware and I've seen this in both Tiger & Leopard). I have several groups established on my Macbook Pro and need to change between them in my shell. Can someone tell me how to do this?
    I don't usually use X11, but I do use the terminal a lot, and I just checked -
    newgrp
    works in both X11 and terminal
    Have you tried
    man newgrp
    ??

  • View found missing after U driver patch

    Hi All,
    I applied on match on 2-3 instance and after that I found view MRP_AP_ONHAND_SUPPLIES_V missing from DB. We applied this patch on 2-3 instances and found that missing on all the instances. This patch is big and I tried to find the DROP VIEW command using "grep -i" but not possible.
    Please let me know that how can I confirm that this patch has DROP the respective view.

    Hi;
    Metalink is down in Turkey for now, that's why I can't reply to you. When it's up then I will update the thread
    Regard
    Helios

  • Role-Based CLI Views with AAA method

    Hi,
    I'm configuring Role-Based CLI Views on a router for limiting access to users.
    My criteria:
    - There should be a local user account on the router that has the view 'service' attached to it
    - If the router is online and can reach the radius server, people in the correct group are assigned the view 'service'
    My configuration:
    aaa new-model
    enable secret 1234
    username service view service secret 1234
    aaa group server radius my_radius
    server-private 10.1.1.1 auth-port 1645 acct-port 1646 timeout 3 retransmit 2 key 0 1234
    server-private 10.1.1.2 auth-port 1645 acct-port 1646 timeout 2 retransmit 1 key 0 1234
    aaa authorization console
    aaa authentication login mgmt group my_radius local
    aaa authorization exec mgmt group my_radius local
    line con 0
    authorization exec mgmt
    logging synchronous
    login authentication mgmt
    line vty 0 4
    authorization exec mgmt
    logging synchronous
    login authentication mgmt
    transport input ssh
    The ERROR
    Now I want to go configure the cli view 'service'...
    # enable view
    Password: 1234
    *Jun  1 08:00:02.991: AAA/AUTHEN/VIEW (0000000D): Pick method list 'mgmt'
    *Jun  1 08:00:02.991: RADIUS/ENCODE(0000000D): ask "Password: "
    *Jun  1 08:00:02.991: RADIUS/ENCODE(0000000D): send packet; GET_PASSWORD
    *Jun  1 08:00:21.011: RADIUS: Received from id 1645/13 10.1.1.1:1645, Access-Reject, len 20
    The Questions
    Why does the 'enable view' try to pick a method list when you have to supply the enable secret to access the root view?
    Can you change this behaviour to always use the enable secret?
    The TEMP Solution
    If you're logged on to the router via telnet or SSH, the solution or workaround to this issue is:
    aaa authentication login VIEW_CONFG local
    line vty 0 4
    login authentication VIEW_CONFG
    Do your configuration of the view and re-configure the line to use the correct (wanted) method of authentication.
    Thanks so much for the suggestions
    /JZN

    hi,
    You have the following configured:
    aaa  authentication login mgmt group my_radius local
    aaa authorization  exec mgmt group my_radius local
    line  con 0
    authorization exec mgmt
    logging synchronous
    login  authentication mgmt
    line vty 0 4
    authorization exec mgmt
    logging synchronous
    login authentication mgmt
    transport  input ssh
    Hence every time you try to login to the console or try the ssh the authentication will head to the radius server because of the following command "login  authentication mgmt".
    You cannot make it locally. Whatever defined on the method list mgmt first will be taking the precedence.
    enable secret will be locally defined, but you have the following configured:
    aaa  authorization  exec mgmt group my_radius local
    line  con 0
    authorization exec mgmt
    line  vty 0 4
    authorization exec mgmt
    Hence exec mode will also be done via radius server.
    when you configure:
    aaa  authentication login VIEW_CONFG local
    line vty 0 4
    login  authentication VIEW_CONFG
    You are making the authentication local, hence it is working the way you want.
    In short, whatever authentication is defined 1st on the method list will take precedence. The fallback will be checked only if the 1st aaa server is not reachable.
    Hope this helps.
    Regards,
    Anisha
    P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.
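
The rule in the reply above (a later method in the list is consulted only when the earlier one does not answer, not when it rejects) as a small model. This is an added example, not code from the thread or from Cisco; the config text is constructed from the lines quoted in the thread, and the function names and the accept/reject/error response table are assumptions.

```python
ACCEPT, REJECT, ERROR = "accept", "reject", "error"  # ERROR = no answer at all


def parse_login_lists(config_text):
    """Return ({list_name: [methods]}, {line_name: list_name}) from config text."""
    lists, bindings, current_line = {}, {}, None
    for raw in config_text.splitlines():
        words = raw.split()
        if words[:3] == ["aaa", "authentication", "login"] and len(words) > 4:
            methods, i = [], 4
            while i < len(words):
                if words[i] == "group" and i + 1 < len(words):
                    methods.append("group " + words[i + 1])  # server group
                    i += 2
                else:
                    methods.append(words[i])  # e.g. "local"
                    i += 1
            lists[words[3]] = methods
        elif words[:1] == ["line"]:
            current_line = " ".join(words[1:])  # e.g. "vty 0 4"
        elif words[:2] == ["login", "authentication"] and len(words) == 3:
            if current_line is not None:
                bindings[current_line] = words[2]  # a later binding overrides
    return lists, bindings


def authenticate(methods, responses):
    """Walk a method list in order; return (result, method_that_decided)."""
    for method in methods:
        answer = responses.get(method, ERROR)
        if answer in (ACCEPT, REJECT):
            return answer, method  # a definite answer ends the walk
        # ERROR (server unreachable or timed out): try the next method
    return REJECT, None  # no method produced an answer


def login_result(config_text, line, responses):
    """Resolve the list bound to a line and evaluate it (KeyError if unbound)."""
    lists, bindings = parse_login_lists(config_text)
    return authenticate(lists[bindings[line]], responses)


# Constructed from the configuration quoted in the thread.
CONFIG_ORIGINAL = """\
aaa new-model
aaa authentication login mgmt group my_radius local
line con 0
 login authentication mgmt
line vty 0 4
 login authentication mgmt
"""

# The temporary workaround from the thread, applied on top of the original.
CONFIG_WORKAROUND = CONFIG_ORIGINAL + """\
aaa authentication login VIEW_CONFG local
line vty 0 4
 login authentication VIEW_CONFG
"""

# Assumed server behaviour: RADIUS does not know the password, local does.
RADIUS_REJECTS = {"group my_radius": REJECT, "local": ACCEPT}
RADIUS_DOWN = {"group my_radius": ERROR, "local": ACCEPT}

if __name__ == "__main__":
    print(login_result(CONFIG_ORIGINAL, "vty 0 4", RADIUS_REJECTS))
    print(login_result(CONFIG_ORIGINAL, "vty 0 4", RADIUS_DOWN))
    print(login_result(CONFIG_WORKAROUND, "vty 0 4", RADIUS_REJECTS))
```

The first case matches the Access-Reject in the debug output quoted in the question: the local credential is never consulted because RADIUS gave a definite answer.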
