Create additional administrator on Catalyst 6800

09-08-2017 02:32 AM - edited 03-05-2019 09:06 AM
Hello everyone,
I am managing a Cisco 6800 FEX switch; there is an admin account which I use to perform admin tasks.
I can see this in the conf
username admin password 0 paswword1
I want to add another admin and used the command
username NetAdmin privilege 15 password 0 password2
I am able to ssh into the switch but when I type enable I am getting the access denied error.
The user admin was set up during the installation, I guess. Could you please help with the following?
1. Why is the NetAdmin account I have added getting access denied for priv exec mode?
2. Why does the original account have no privilege level mentioned in the config?
3. What is the correct way of adding additional users?
Thanks in Advance
09-10-2017 07:57 AM - edited 09-10-2017 07:57 AM
The correct way of adding users depends on the authentication method. What you are trying to do is good only for the local authentication method.
User admin gets level 1 privileges after a successful login; after typing the password, the user gets level 15 privileges. However, since NetAdmin is created as a privilege 15 account, you should already be in privileged mode when you log in to the device, so there should be no need to type enable to enter privileged mode.
username NetAdmin privilege 15 password 0 password2
is equal to
username NetAdmin privilege 15 password password2
however it is recommended to use
username NetAdmin privilege 15 secret password2
09-11-2017 04:49 AM
Thank you for the detailed reply.
After creating the NetAdmin account with this command
username NetAdmin privilege 15 password 0 password2
when I SSH in I am prompted for login as:
I type NetAdmin and the password. Which brings the prompt cs-6807-vss>
If I want to proceed to configuration I need to type in the enable password.
Is this the expected behaviour?
Also, am I correct in saying the enable secret password can be used to get access to privileged exec mode irrespective of the user who is logged in?
09-11-2017 06:02 AM - edited 09-11-2017 06:04 AM
Hi
If you want to log in directly to privileged mode without typing the enable password, you can add the following:
no aaa new-model
Username Cisco privi 15 password Cisco123
line vty 0 15
privilege level 15
login local
transport input ssh
>> Mark as helpful or answered if the reply resolved your question; this helps future queries from other community members. <<
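An added example, not part of the original posts and not Cisco's own tooling: a Python audit of a saved running-config for the two points raised in the replies above, namely local users stored with password instead of secret, and vty lines that start every session at privilege 15. The sample config, the function name audit and the wording of the findings are assumptions constructed for illustration.

```python
import re

# Constructed running-config excerpt modelled on the commands in this thread.
# The passwords and the type 5 hash are placeholders, not real values.
SAMPLE_CONFIG = """\
no aaa new-model
username admin password 0 ExamplePw1
username NetAdmin privilege 15 password 0 ExamplePw2
username Backup privilege 15 secret 5 $1$PLACEHOLDER$HASH
line vty 0 15
 privilege level 15
 login local
 transport input ssh
"""

# 'show running-config' prints full keywords, so abbreviations are not handled.
USER_RE = re.compile(
    r"^username\s+(?P<name>\S+)(?:\s+privilege\s+(?P<priv>\d+))?"
    r"\s+(?P<kind>password|secret)(?:\s+(?P<type>\d+))?\s+\S+", re.I)
VTY_PRIV_RE = re.compile(r"^\s+privilege\s+level\s+(\d+)", re.I)


def audit(config):
    """Return (users, findings) for local accounts and vty lines."""
    users, findings, section = {}, [], None
    for line in config.splitlines():
        if line and not line[0].isspace():
            # A non-indented line starts a new top-level section.
            section = line if line.lower().startswith("line vty") else None
        m = USER_RE.match(line)
        if m:
            kind = m.group("kind").lower()
            # No 'privilege' keyword means the account logs in at level 1.
            priv = int(m.group("priv") or 1)
            users[m.group("name")] = {"privilege": priv, "storage": kind}
            if kind == "password":
                # Type 0 is cleartext and type 7 is reversible obfuscation.
                ptype = m.group("type") or "0"
                findings.append(f"{m.group('name')}: password type {ptype} "
                                f"at privilege {priv}, replace with 'secret'")
        m = VTY_PRIV_RE.match(line)
        if m and section and int(m.group(1)) == 15:
            findings.append(f"{section}: sessions start at privilege 15 "
                            "without an enable prompt")
    return users, findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)[1]))
```

Run it against a saved copy of the configuration rather than a live session; the vty finding is informational when landing at level 15 is intended, as in the reply above.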
09-11-2017 08:16 AM
Hi Julio,
Thank you. Very helpful indeed. My goal is to configure TACACS+. I have configured ISE already. The local user on the switch is called admin and there is also an AD account called admin. That is the reason I wanted to create a NetAdmin local admin. I am not too sure about the commands to configure TACACS+; I don't want to break anything as the system is in production.
Please see my post here for this
I know it is too much to ask for. Thanks in advance.
