Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1903
Views
0
Helpful
3
Replies

How to allow IOS local user with privilege 1 to change password

Go to solution
dennis_chiho
Level 1
Level 1

‎08-24-2021 09:08 PM

How should I configure my IOS switch to let local user with privilege 1 to change their own password? Thank you!

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎08-31-2021 05:17 AM

Sweet. As expected.  The hope here would be the priv 1 user only knows his user name (I know not the best idea), but the solution provided does work.  IMHO you should seek to use some sort of external authentication provider via ISE/AD/LDAP/etc.  Then you would not have to worry about this run config modification.  Your last option would be to have the user work with the net admin and have him manually set the pw for this priv 1 user.  Cheers.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎08-26-2021 09:04 AM - edited ‎08-26-2021 10:22 AM

FYSA Level 1 = Read-only, and access to limited commands. You can't make any changes or view the running configuration file by default.

 

However, you have the ability to add commands.  For your scenario add the following to run-config:
#privilege exec level 1 configure terminal
#privilege configure level 1 username <your level 1 username> password

 

Then with the priv 1 user test the following:

>configure terminal

(config)>username <your level 1 username> password <NEW PASSWORD>

(config)>exit

>exit

Login with same priv 1 user and new PASS

 

Let us know result

0 Helpful

Go to solution
dennis_chiho
Level 1
Level 1

‎08-30-2021 06:38 PM

Dear Mike,

 

#privilege configure level 1 username <your level 1 username> password

 

I tested your commands, I found if I configure above command, the level user would be able to change his own password and other users' password. The level 1 user would have the full right for the command <username> .  If I perform "show run" after configured the command above, the running config output would only have "privilege configure level 1 username"

 

 

0 Helpful

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎08-31-2021 05:17 AM

Sweet. As expected.  The hope here would be the priv 1 user only knows his user name (I know not the best idea), but the solution provided does work.  IMHO you should seek to use some sort of external authentication provider via ISE/AD/LDAP/etc.  Then you would not have to worry about this run config modification.  Your last option would be to have the user work with the net admin and have him manually set the pw for this priv 1 user.  Cheers.

0 Helpful
Customers Also Viewed These Support Documents