
Cisco 9200L Privilege level stops working

MichelWilfred
Level 1

Hi,

I have a few switches here on which I configured a separate account with privilege level 7 to allow another user to only change the VLAN of interfaces and save the configurations. This works fine for a few days, but then they are unable to type switchport access; it shows invalid input detected for "access". I have to add "privilege interface level 7 switchport access vlan" again and it will work for a few days. Here are the commands I entered to set this up:

username _____ privilege 7 secret ______

privilege exec level 7 conf t
privilege exec level 7 copy run start
privilege configure level 7 interface
privilege interface level 7 switchport access vlan
privilege interface level 7 description
privilege exec level 7 copy run start
file privilege 7

7 Replies

Is something else overriding the configuration? Do the privilege level configurations still show in show run? Also, a AAA server like ISE would be much better for controlling things like this.

There shouldn't be anything else overriding it and the configurations still show up in the show run. We did it directly on these switches since we only needed to do this for 1 user.

It's very strange that it stops working after a couple of days. What version of IOS-XE? Right, but what happens when user 2 comes along? It's also much easier/better to define users/groups/policies on a centralized AAA server.

It is on 16.12.03a

I would really suggest trying newer code; 17.9 is now a gold-star option.

We are planning on doing that upgrade, will update the post if that solves the issue. Thank you

switchport mode access <<- this makes the port an access port and assigns it to VLAN 1 by default
or
switchport access vlan x <<- if you don't specify a VLAN, then it uses VLAN 1 by default

So I think it is not a privilege issue; it is a port access/trunk mode issue.

Thanks A Lot
MHM
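
The first reply asks whether the privilege lines still show in show run. One way to answer that from two saved captures is the added example below, which is not code from the thread or from Cisco; the function names, the `operator` username and both capture texts are constructed for illustration.

```python
import re

# "privilege <mode> [all] level <n> <command>" as it appears in a saved config.
PRIV_RE = re.compile(r"^privilege\s+(\S+)\s+(?:all\s+)?level\s+(\d+)\s+(.+)$")

def parse_privilege(config_text):
    """Return {(mode, command): level} for every privilege line in a capture."""
    entries = {}
    for line in config_text.splitlines():
        m = PRIV_RE.match(line.strip())
        if m:
            command = " ".join(m.group(3).split())  # normalise spacing
            entries[(m.group(1), command)] = int(m.group(2))
    return entries

def diff_privilege(working, broken):
    """Report privilege entries lost, added or moved to another level."""
    before, after = parse_privilege(working), parse_privilege(broken)
    return {
        "lost": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        "changed": sorted((k, before[k], after[k])
                          for k in before if k in after and before[k] != after[k]),
    }

# Constructed captures (not from the thread): one taken while the level-7
# account works, one taken after "switchport access" is rejected.
WORKING = """\
username operator privilege 7 secret 9 <redacted>
privilege interface level 7 switchport access vlan
privilege interface level 7 description
privilege configure level 7 interface
privilege exec level 7 copy running-config startup-config
privilege exec level 7 configure terminal
"""
BROKEN = """\
username operator privilege 7 secret 9 <redacted>
privilege interface level 15 description
privilege configure level 7 interface
privilege exec level 7 copy running-config startup-config
privilege exec level 7 configure terminal
"""

if __name__ == "__main__":
    for kind, items in diff_privilege(WORKING, BROKEN).items():
        print(kind, items)
```

If all three lists come back empty for a capture taken while the command works and one taken after it fails, the saved privilege configuration did not change between the two.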