what if I need it to work like this

(straight to priv. mode)

just for one user?

can it be done on an ASA ?

The solution suggested in this thread of specifying

privilege-level 15

on the vty will work for IOS devices and will not work on ASA. Also this solution would give ALL users access to privilege mode and not just for one user.

HTH

Rick

OK , then I have new question. How do I get a specific user straight to privilege mode on an Cisco ASA.

p.s. maybe I should open new thread ?

Opening a new thread might be a good idea - though at this point we have gone far enough (and I am not sure how much further this discussion will go) that we might as well just continue this thread.

While IOS devices have mechanisms that will allow you to configure that a user goes directly into privilege mode I do not believe that this works on the

ASA - at least

for the command line. If you login to ASDM to manage the

ASA

you will go directly to privilege mode. But for command line

(SSH, telnet, etc)

you will go to user mode and be required to enter another password for privilege mode. I do not know a way to get around that for

ASA

command line.

HTH

Rick

Hello

Suppose suggesting basic AAA

username test privilege 15 secret  xxxxx.
aaa new-model
aaa authentication login default group tacacs+ local 
aaa authorization exec default group tacacs+ local


res

Paul

@paul

Love your idea, it shows you actually try not just repeat answers from others but please test it on ASA and not router.

p.s. how do I make it work for just one user ?

Hello

the same applys  to an generic user account or a specific user account 

Res

paul

On the ASA You can try the command below if local user. If using TACACS, replace LOCAL with TACACS

aaa authorization exec LOCAL auto-enable