I have created users and given them telnet access to router 7200.
They have full privilges(15) but everytime they login they login into user-exec mode instead of privilege mode.
Is there a way to skip user-exec mode and allow the users to login directly into privilge mode so they dont have to enter password twice?
Solved! Go to Solution.
The solution suggested in this thread of specifying privilege-level 15 on the vty will work for IOS devices and will not work on ASA. Also this solution would give ALL users access to privilege mode and not just for one user.
OK , then I have new question. How do I get a specific user straight to privilege mode on an Cisco ASA.
p.s. maybe I should open new thread ?
Opening a new thread might be a good idea - though at this point we have gone far enough (and I am not sure how much further this discussion will go) that we might as well just continue this thread.
While IOS devices have mechanisms that will allow you to configure that a user goes directly into privilege mode I do not believe that this works on the ASA - at least for the command line. If you login to ASDM to manage the ASA you will go directly to privilege mode. But for command line (SSH, telnet, etc) you will go to user mode and be required to enter another password for privilege mode. I do not know a way to get around that for ASA command line.
Suppose suggesting basic AAA
username test privilege 15 secret xxxxx.
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
Love your idea, it shows you actually try not just repeat answers from others but please test it on ASA and not router.
p.s. how do I make it work for just one user ?
the same applys to an generic user account or a specific user account
On the ASA You can try the command below if local user. If using TACACS, replace LOCAL with TACACS
"aaa authorization exec LOCAL auto-enable"