Hello all
Cisco has assigned a severity of moderate to this bug, but I do not agree. After a reboot, the configuration that is loaded is the one that is stored in the startup config; because of this, the privilege commands do not work anymore. So this bug could be catastrophic depending on your configuration. Cisco also stated that there is no workaround. I have developed a configuration to avoid this problem and I would like to share it with you. I have tested it with release 15.0(2)SE7 on a Cisco 2960:
Step 1: Create a macro with the desired commands:
Switch(config)#
macro name privilege
privilege interface level 3 no
privilege configure level 3 interface
privilege interface level 3 switchport
privilege interface level 3 switchport access vlan
privilege interface level 3 switchport access
privilege interface level 3 switchport mode access
privilege interface level 3 no switchport
privilege interface level 3 no switchport access vlan
privilege interface level 3 no switchport access
privilege interface level 3 no switchport mode access
@
Step 2. Create a file with the TCL script that will run the macro.
Switch#terminal shell
Switch#echo "ios_config \"macro global apply privilege\"" > tcl_macro
After this there should be a file in the flash called tcl_macro:
Switch#more tcl_macro
ios_config "macro global apply privilege"
Step 3. Generate an entry in the KRON to apply the macro each time the switch is restarted.
Switch(config)#
kron occurrence privilege at 0:00 recurring system-startup
policy-list privilege_3
!
kron policy-list privilege_3
cli tclsh tcl_macro
Hope this helps
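The three steps above only work if the names line up: the startup occurrence must point at a defined policy list, the policy list must run a Tcl file that exists in flash, and that file must apply a macro that is defined and contains privilege lines. The following offline check is an added example, not part of the original post; `check_workaround`, `CONFIG` and `FLASH` are hypothetical names, and it assumes the configuration text and the file contents have been copied off the switch.

```python
import re

# Constructed sample: the post's config lines (macro shortened) and the tcl_macro file.
CONFIG = """\
macro name privilege
privilege configure level 3 interface
privilege interface level 3 switchport access vlan
@
kron occurrence privilege at 0:00 recurring system-startup
 policy-list privilege_3
!
kron policy-list privilege_3
 cli tclsh tcl_macro
"""
FLASH = {"tcl_macro": 'ios_config "macro global apply privilege"\n'}

def check_workaround(config, flash):
    """Return problems in the kron -> Tcl file -> macro chain (empty list = consistent)."""
    problems = []
    # Macro bodies run from "macro name X" to the "@" terminator line.
    macros = {m[1]: m[2] for m in
              re.finditer(r"^macro name (\S+)\n(.*?)^@\s*$", config, re.M | re.S)}
    # Each policy list maps to the indented "cli ..." commands beneath it.
    policies = {m[1]: re.findall(r"^\s+cli (.+)$", m[2], re.M) for m in
                re.finditer(r"^kron policy-list (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M)}
    # Policy lists that a system-startup occurrence actually triggers.
    startup = re.findall(
        r"^kron occurrence \S+ .*system-startup\s*\n\s+policy-list (\S+)", config, re.M)
    if not startup:
        problems.append("no kron occurrence with system-startup")
    for policy in startup:
        if policy not in policies:
            problems.append(f"policy-list {policy} is not defined")
            continue
        scripts = [c.split()[1] for c in policies[policy] if re.match(r"tclsh \S", c)]
        if not scripts:
            problems.append(f"policy-list {policy} runs no tclsh script")
        for script in scripts:
            if script not in flash:
                problems.append(f"script {script} is missing from flash")
                continue
            applied = re.findall(r'macro global apply ([^\s"\\]+)', flash[script])
            if not applied:
                problems.append(f"script {script} applies no macro")
            for name in applied:
                if name not in macros:
                    problems.append(f"macro {name} is not defined")
                elif not re.search(r"^privilege ", macros[name], re.M):
                    problems.append(f"macro {name} has no privilege lines")
    return problems
```

An empty list means the chain is wired consistently; it does not confirm that the switch actually ran the policy after a reload.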