hello all, first of all, sorry for my english - i am not native speaker
my problem is: I have lab in Cisco Packet Tracer, where I set up remote management - ssh and telnet. I want to skip enable mode and go directly into privilege mode when I enter username and password. I set up username TEST privilege 15 secre test and it worked until switch reloaded. After I reload switch and try to ssh, when I enter username and password it goes into exec mode and I have to enter enable password.
Can you suggest solution?
When someone describes a situation where this feature worked, then the device rebooted, and now that feature no longer works my first guess is that some of the config changes that were made to enable it were not saved to startup config and were lost then the reboot took place. Can you check the current running config and verify that the changes that you made to go directly into privilege mode are still in the running config?
first i save config and then reboot device, but this feature no loger works. when I check running config, it shows username privilege level 5, not 15. It is strange, that routers work fine, but switches have issue
I have created new user from console >>> username USER privilege 15 secret PASSWORD >>> before reboot, I go to running config and there was privilege 5, not 15
What you have posted is interesting. Actually the 5 in that output does not relate to privilege level (which is not present in what you posted) but does relate to the encryption level of the password. There are several options in how you can configure user passwords:
- you can specify no service password-encryption (as your config does) and the default is to not encrypt the user password.
- you can specify service password-encryption and with this the user password (and several other types of passwords) will be encrypted. This encryption used type 7 encryption, which turns out to not be very secure.
- so Cisco introduced the option to specify the password type as secret (which you did) and the result uses type 5 encryption, which is much more secure.
So in your output the 5 relates to the more secure encryption of the password and not the privilege level.
One interesting part of this is that if you did specify privilege 15 in configuring the user, why does the privilege not show up in the running config?
maybe is it packet tracer's bug? When I specify privilege 15 in routers, It shows in running config and works fine. Here is my router's config screen
Thanks for the update. I do not understand clearly where it does work as expected and where it does not work as expected. Are you saying that it does work as expected on routers and does not work as expected on switches?
On one of the devices where it does not work would you post these outputs
in show run the configuration of the user name
in show start the configuration of the user name
We want to see if show run and show start have the same parameters or different parameters.
In the original post you tell us that you configure a user with privilege 15 on the switch and that it works until you reload the switch. In the output that you have posted we see that neither the running config nor the startup config have the privilege 15 parameter. I wonder how it works in the first case. Perhaps you are right that this is an issue with packet tracer.