moon_blue69
Beginner

Create additional administrator on Catalyst 6800

Hello everyone,

I am managing a Cisco 6800 FEX switch. There is an admin account which I use to perform admin tasks.

 

I can see this in the conf 

username admin password 0 paswword1

 

I want to add another admin and used the command 

 

username NetAdmin privilege 15 password 0 password2

 

I am able to ssh into the switch but when I type enable I am getting the access denied error.

 

The user admin was set up during the installation, I guess. Could you please help with the following?

 

1. Why is the NetAdmin account I have added getting access denied for priv exec mode?

2. Why does the original account have no privilege level mentioned in the config?

3. What is the correct way of adding additional users?

 

Thanks in Advance

4 REPLIES
Predrag Jovic
Participant

 

The correct way of adding users depends on the authentication method. What you are trying to do is good only for the local authentication method.

After a successful login, user admin gets level 1 privileges; after typing the password, the user gets level 15 privileges. However, NetAdmin is created as a privilege 15 account, so you should already be in privileged mode when you log in to the device, and there should be no need to type enable to enter privileged mode.

username NetAdmin privilege 15 password 0 password2

is equal to

username NetAdmin privilege 15 password password2

However, it is recommended to use

username NetAdmin privilege 15 secret password2
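
An added example, not part of the thread and not Cisco tooling: a small Python audit of `username` lines like the ones quoted in this thread, reporting each account's privilege level and whether IOS keeps its password as cleartext (`password` / `password 0`), reversible type 7, or a hash (`secret`). The sample config, the `Backup` and `NetAdmin2` accounts and all function names are constructed for illustration.

```python
import re

# username <name> [privilege <n>] password|secret [<type>] <value>
USERNAME_RE = re.compile(
    r"^\s*username\s+(?P<name>\S+)"
    r"(?:\s+priv\w*\s+(?P<priv>\d+))?"   # keyword may be abbreviated
    r"\s+(?P<kind>password|secret)"
    r"(?:\s+(?P<type>\d+)(?=\s+\S))?"    # type digit only if a value follows
    r"\s+\S.*$", re.IGNORECASE)

def classify(kind, ptype):
    """How IOS stores the credential for this keyword and type digit."""
    if kind == "secret":
        return "hashed"
    if ptype == "7":
        return "reversible"   # type 7 is obfuscation, not a hash
    return "cleartext"        # "password" with type 0 or no type digit

def audit_usernames(config_text):
    """One finding per username line; the password value is never kept."""
    findings = []
    for line in config_text.splitlines():
        m = USERNAME_RE.match(line)
        if m:
            findings.append({
                "user": m.group("name"),
                "privilege": int(m.group("priv") or 1),  # IOS default: level 1
                "storage": classify(m.group("kind").lower(), m.group("type")),
            })
    return findings

def recoverable_accounts(findings):
    """(user, privilege) for accounts whose password can be read back."""
    return [(f["user"], f["privilege"]) for f in findings
            if f["storage"] != "hashed"]

# Constructed sample: commands quoted in this thread, plus constructed
# Backup and NetAdmin2 entries with placeholder values.
SAMPLE = """\
username admin password 0 paswword1
username NetAdmin privilege 15 password 0 password2
Username Cisco privi 15 password Cisco123
username Backup privilege 15 password 7 PLACEHOLDER-TYPE7
username NetAdmin2 privilege 15 secret password2
"""

if __name__ == "__main__":
    for finding in audit_usernames(SAMPLE):
        print(finding)
    print("recoverable:", recoverable_accounts(audit_usernames(SAMPLE)))
```

Run it over a saved copy of the running configuration; any account it lists as recoverable is a candidate for re-creation with `secret`.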

Thank you for the detailed reply. 

 

After creating the NetAdmin account with this command 

 

username NetAdmin privilege 15 password 0 password2

 

When I ssh in, I am prompted for login as:

 

I type NetAdmin and the password. Which brings the prompt cs-6807-vss> 

If I want to proceed to configuration I need to type in the enable password.

Is this the expected behaviour?

 

Also, am I correct in saying the enable secret password can be used to get access to privileged exec mode irrespective of the user who is logged in?

 

 

Hi

If you want to log in directly to privileged mode without typing the enable password, you can add the following:

 

no aaa new-model

Username Cisco privi 15 password Cisco123

 

line vty 0 15

privilege level 15

login local

transport input ssh




>> Mark as helpful or answered if the reply resolved your question; this helps future queries from other members of the community. <<

Hi Julio,

 

Thank you. Very helpful indeed. My goal is to configure TACACS+. I have configured ISE already. The local user on the switch is called admin and there is also an AD account called admin. That is the reason I wanted to create a NetAdmin local admin. I am not too sure about the commands to configure TACACS+; I don't want to break anything as the system is in production.

 

Please see my post here for this 

 

https://supportforums.cisco.com/t5/wan-routing-and-switching/help-enable-tacacs-on-catalyst-6800-switch/td-p/3182438

 

I know it is too much to ask for. Thanks in advance.