
Cisco Router not using configured privilege level

agchapman

Hi all, (all names etc are changed)

One of our clients is using a 2811 with only one account configured, as such:

username bdmin privilege 15 secret wordpass

and the enable password configured, in the running-config as:

enable secret 5 $1$mE92$SKx0DXmiCyPIWI/170LJE1 

(I know this password, it's just encrypted for accuracy)

"service password-encryption" has been turned on.

However, when logging in by telnet, using the bdmin username and password, I am dropped to a user mode prompt, not a privileged one. I have tried removing and re-adding the user account. It's the only one on the router, and removing the enable secret password just leaves me stuck in user mode.

I'm running 12.3(14)T5 code and can't work out for the life of me how to get a priv 15 user login working properly. Any ideas people?

Cheers!


Hello

So it does - having a bad day today - not thinking straight

apologies to all

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Paul

NP. Having multiple sets of eyes reading the responses and checking them for validity is part of what makes these forums so great. We all make an occasional mis-step - I have certainly made my share. The important thing is that we have come to a better understanding of what might work for the OP.

HTH

Rick


Hello Richard

The thing about my reply to your post was I even tested it prior to posting, then realised afterwards that I was connecting through my terminal server (line console) and not the vty lines - and also I posted the authentication command instead of the authorization exec one.

Once again, apologies to all for a misleading post.

res

Paul


Hello Alistrar,

I think one of these two solutions will help you.

  1. Correct way

          username MYUSERNAME secret MYPASSWORD
          enable secret MYENABLESECRET
          !
          aaa new-model
          !
          aaa authentication login VTY local-case
          aaa authentication enable default enable
          !
          line vty 0 15
           exec-timeout 20 0
           login authentication VTY
           transport input ssh
          exit

          With this solution you will need to enter the enable password.

    2. Skip enable password

          Add the following lines:

          line vty 0 15
            privilege level 15
          exit

          When you do this, you will automatically be set to privilege level 15 when you log in via ssh; you will be placed inside enable mode and the enable password will be skipped.

  But I would use the enable password to increase security.

Kind regards

Kai

Wow! Thanks for the great responses everyone, and quickly to boot!!
I've kept new-model AAA enabled, and just used Alain's "aaa authorization exec default local" command and it has worked perfectly. Thanks Alain, and thanks everyone for contributing!
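The outcome of this thread, expressed as a configuration check (an added example, not code from any poster): it flags a running-config where `aaa new-model` is on, a local user has `privilege 15`, and no `aaa authorization exec` line exists, and it separately flags VTY lines carrying `privilege level 15`, which skip the enable password. The function names and both sample configs are constructed for illustration, and the hash is a placeholder.

```python
import re

# Constructed sample: the thread's setup, AAA enabled but no exec authorization.
SAMPLE_BEFORE = """\
aaa new-model
aaa authentication login VTY local-case
username bdmin privilege 15 secret 5 <hash-placeholder>
line vty 0 15
 login authentication VTY
 transport input ssh
"""
# Same config with the one-line fix the original poster applied.
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    "aaa new-model\n", "aaa new-model\naaa authorization exec default local\n")

def parse(config):
    """Split an IOS config into global commands and 'line vty' sub-blocks."""
    globals_, vty, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if not raw[0].isspace():                 # top-level command
            current = raw.strip() if raw.startswith("line vty") else None
            if current:
                vty[current] = []
            else:
                globals_.append(raw.strip())
        elif current:                            # indented sub-command of a vty block
            vty[current].append(raw.strip())
    return globals_, vty

def audit(config):
    """Report where the configured privilege level will not take effect or is bypassed."""
    g, vty = parse(config)
    findings = []
    priv15 = [m.group(1) for l in g
              if (m := re.match(r"username (\S+) privilege 15\b", l))]
    # Only checks that some exec authorization list exists, not which lines use it.
    exec_authz = any(l.startswith("aaa authorization exec ") for l in g)
    if "aaa new-model" in g and priv15 and not exec_authz:
        findings.append("no-exec-authorization: " + ",".join(priv15))
    for name, sub in vty.items():
        if "privilege level 15" in sub:          # every login on this line gets level 15
            findings.append(f"enable-bypass: {name}")
    return findings
```

Run `audit()` over a saved `show running-config` to see which of the two conditions applies before changing the device.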
