
AAA Authorization

h.wall
Level 1

I'm trying to configure AAA authentication using username xxxxx privilege 15 password xxxx. I would like it so users with privilege level 15 go straight to enable mode and users with privilege level 1 will go straight to router> read only. Currently the only commands I have typed in are:

username xxx privilege 15 password xxxx
aaa new-model

Do I need to configure anything else? I tried to put privilege level under int vty but then all users go to privilege mode. I only want to use AAA; I do not want to have to set up a TACACS or RADIUS server. Thanks in advance.


Accepted Solutions

gfullage
Cisco Employee

To use privilege levels you need to define authorization as well as authentication. The following should do the trick for you:

username glenn privilege 15 password 0 cisco
username fred privilege 1 password 0 cisco
!
aaa new-model
aaa authentication login default local
aaa authorization exec default local

Now if I log in:

> telnet 10.66.79.100
User Access Verification
Username: glenn
Password:
Router#sho priv
Current privilege level is 15
Router#q
>
>
> telnet 10.66.79.100
User Access Verification
Username: fred
Password:
Router>sho priv
Current privilege level is 1
Router>q
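
An added example, not part of the original answer and not Cisco tooling: a Python check that reads a saved running-config and reports which of the three AAA lines from the accepted answer are missing, each local user's privilege level, type 0 (cleartext) passwords, and a line-wide privilege level under line vty like the one the question describes. The sample config, the user ops and the function name audit are constructed for illustration.

```python
import re

# Constructed sample config (not from a real device): the answer's users plus
# the vty "privilege level" setting mentioned in the question.
SAMPLE_CONFIG = """\
username glenn privilege 15 password 0 cisco
username fred privilege 1 password 0 cisco
username ops secret 5 <constructed-hash>
!
aaa new-model
aaa authentication login default local
!
line vty 0 4
 privilege level 15
"""

# The three AAA lines the accepted answer relies on.
REQUIRED = (
    "aaa new-model",
    "aaa authentication login default local",
    "aaa authorization exec default local",
)
USER_RE = re.compile(r"^username (\S+)(?: privilege (\d+))? (password|secret) (\d+) ")


def audit(config):
    """Return local users, missing AAA lines and settings worth reviewing."""
    lines = [ln.rstrip() for ln in config.splitlines()]
    present = {ln.strip() for ln in lines}
    report = {"users": {}, "findings": []}
    report["missing"] = [cmd for cmd in REQUIRED if cmd not in present]
    section = ""
    for ln in lines:
        if ln and not ln.startswith(" "):
            section = ln  # an unindented line starts a new config section
        m = USER_RE.match(ln)
        if m:
            name, priv, kind, enc = m.groups()
            # No "privilege" keyword: treated here as level 1 (assumed IOS default).
            report["users"][name] = int(priv) if priv else 1
            if kind == "password" and enc == "0":
                report["findings"].append(f"{name}: type 0 (cleartext) password")
        elif section.startswith("line vty") and ln.strip().startswith("privilege level"):
            report["findings"].append(f"{section}: line-wide {ln.strip()}")
    return report


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```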
