11-22-2024 07:35 AM
I've been trying to create a local read-only user named user1 on the switch. It will connect via SSH, and my own user connects through a RADIUS server. Users who connect via the RADIUS server have privilege level 15, and the new local user has level 3. When I test the connection of user1 (level 3), the "show privileges" command prints that its privilege level is 15. So it can act the same as my own user. I've attached the config below. I did some line configuration, but it still didn't work. I'd really appreciate it if you could help.
CISCO is Radius users, they are admins.
user0 is a local user which needs to remain as level 15.
user1 is the one I've been trying to make level 3, but its level stays at 15.
aaa authentication login CISCO local group radius
username user0 privilege 15 secret 5 $1$iCSm$X6pDfr6bC7qhLGl5aY2Z.0
username user1 privilege 3 secret 5 $1$x4NK$mBS4UQFZGDzuL0Pl9gJRm.
!
!
!
!
!
!
radius-server host x.x.x.x
radius-server key the_key
!
aaa new-model
aaa session-id common
line vty 0 4
privilege level 15
login authentication CISCO
transport input ssh
escape-character 3
line vty 5 15
password 7 01100F175804
transport input ssh
11-27-2024 07:20 AM
Awesome, Aref. This is what Farzel needs. I already tried it in my lab environment and it works with no issues.
11-28-2024 01:17 AM
Thanks for testing and confirming this, @Julio Padilla.