04-22-2011 12:08 PM - edited 03-10-2019 06:01 PM
How do I configure my switch using AAA so that when I console in using the console port it automatically starts me off at the privilege EXEC prompt instead of the user EXEC prompt. When I SSH in, it automatically starts me off at the privilege EXEC prompt. I just want the same for the console port.
Thank you,
Thomas Reiling
04-22-2011 12:47 PM
If your existing AAA configuration is responsible for placing you into privileged exec mode when logging in on the vty lines then adding "aaa authorization console" to your global AAA configuration should accomplish what you are looking for.
04-22-2011 01:21 PM
I tried your suggestion but it didn't work. The switch took the command okay but when I tried to login via console I started out at user EXEC again instead of privilege EXEC. I appreciate the suggestion. Do you have any other ideas that might work?
04-22-2011 07:49 PM
Thomas
The fundamental issue is that by default IOS does not do authorization on the console and authorization is what puts you directly into privilege mode. Perhaps it would help if you would post your running config.
HTH
Rick
Sent from Cisco Technical Support iPhone App
04-23-2011 07:17 AM
Richard,
Thanks for the reply. I figured it out, however.
The following worked for me:
line con 0
privilege level 15
Thank you,
Thomas
04-23-2011 08:40 AM
Thomas,
It would be helpful to see your AAA and console line configuration.
Configuring a static privilege level on the console line will accomplish what you are looking to do. However, this is totally independent of your AAA configuration and will allow anyone who logs in and successfully authenticates to gain priv 15 access on your console line.
Here's how I've done it.
Create a named authentication list, let's call it CONSOLE:
Switch(config)#aaa authentication login CONSOLE group tacacs+ local
Create a named authorization list, again called CONSOLE
Switch(config)#aaa authorization exec CONSOLE group tacacs+ local if-authenticated
Then apply the following under line con 0;
Switch(config-line)#login authentication CONSOLE
Switch(config-line)#authorization exec CONSOLE
Since local is defined as the secondary method of authentication/authorization be sure to have a local privilege 15 user defined in the event your tacacs server isn't available.
Switch(config)#username MYUSERNAME privilege 15 secret 0 MYPASSWORD
This works for me, hope this helps!
Greg
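As an added illustration (not part of the thread, and not a Cisco tool), the following Python script audits an IOS-style running-config for the two console-line patterns discussed above: the static `privilege level 15` workaround, which gives every console login enable mode, and a named `authorization exec` list applied under `line con 0`, which the script cross-checks against the global `aaa authorization exec` definition and the `aaa authorization console` command Rick mentioned. The two config samples are constructed for the example and assume the usual one-space indentation IOS uses for line sub-commands.

```python
# Constructed sample: the static privilege-15 workaround (no AAA on the console).
STATIC_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
username MYUSERNAME privilege 15 secret 0 MYPASSWORD
line con 0
 privilege level 15
line vty 0 4
 login authentication default
"""

# Constructed sample: named AAA lists applied to the console line.
AAA_CONFIG = """\
aaa new-model
aaa authentication login CONSOLE group tacacs+ local
aaa authorization exec CONSOLE group tacacs+ local if-authenticated
aaa authorization console
username MYUSERNAME privilege 15 secret 0 MYPASSWORD
line con 0
 login authentication CONSOLE
 authorization exec CONSOLE
"""

def parse_sections(config):
    """Split IOS-style text into global commands and {section header: [sub-commands]}."""
    global_cmds, sections, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):            # indented line belongs to the open section
            if current is not None:
                sections[current].append(raw.strip())
        elif raw.startswith(("line ", "interface ")):
            current = raw.strip()
            sections[current] = []
        else:
            current = None
            global_cmds.append(raw.strip())
    return global_cmds, sections

def audit_console(config):
    """Return a list of findings for the console-line risks discussed in the thread."""
    global_cmds, sections = parse_sections(config)
    con = sections.get("line con 0", [])
    findings = []
    if "privilege level 15" in con:
        findings.append("console: static privilege level 15 grants enable mode to every console login")
    lists = [l.split()[2] for l in con if l.startswith("authorization exec ")]
    for name in lists:
        if not any(g.startswith(f"aaa authorization exec {name} ") for g in global_cmds):
            findings.append(f"console: authorization list {name} referenced but not defined")
    if lists and "aaa authorization console" not in global_cmds:
        findings.append("console: authorization applied but 'aaa authorization console' is absent")
    return findings
```

Run `audit_console(STATIC_CONFIG)` to see the static-privilege finding and `audit_console(AAA_CONFIG)` for a clean result.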
04-23-2011 01:14 PM
Thomas
Putting the privilege-level 15 on the console is one way to work around the issue. And it works - as long as you are comfortable with the fact that everyone who logs in on the console will be immediately placed directly into privilege/enable mode.
The suggestion from Greg addresses the different processing on the console as compared to the vty, and should work and would give you the ability to put some people directly into privilege/enable mode but not put other people directly into privilege/enable mode.
HTH
Rick