
User Does Not Get Privileged Access Even Though User Is Privilege 15

Iloveyou
Level 1

username <user1> privilege 15 password 7 <ENCRYPTED>

!

line con 0
login authentication console

!

aaa authentication login console local

 

Can someone explain why user is not given privilege 15 access when he consoles in?

Is there any command to check privilege level of a user?

I am experiencing the same thing for line vty.


balaji.bandi
Hall of Fame

What is the device model and IOS code running?

Do you have AAA enabled? Commands:

#show privilege  (shows you what level of access the user has)

Example: Current privilege level is 15

A basic config as below should work as expected using local authentication.

! make sure you change whatever is needed
enable secret 5 $1$jtK0$yyHFcVM7xyelts1csVwrV/
!
! make sure you change whatever is needed
username cisco privilege 15 secret 5 $1$0qFD$ZEMDi.7z1QTtF4EuPdlSY.
!
aaa new-model
!
aaa authorization config-commands
!
! if you are looking for an SSH connection
ip ssh version 2
!
line con 0
 privilege level 15
line vty 0 4
 privilege level 15
 password cisco
 ! only allow SSH as it is secure; if you like you can add telnet, but it is not secured
 transport input ssh

BB


Can I solve the problem without putting privilege level 15 at console or line vty?

Hello
Yes, use the cfg I've posted and test again.

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

hello

try the following:
aaa new-model
aaa authentication login console local
aaa authorization console
aaa authorization exec console local if-authenticated

line con 0
login authentication console
authorization exec console




Kind Regards
Paul

Well, I want to understand. SSH was not configured with privilege 15. But my username was configured with privilege 15, so why did it not get privilege 15?

Hello
By default, the authentication method AAA applies is default; as such, this is then applied automatically to all access lines (including the console). However, when you specify a non-default method (in your case you happen to have named it console, but it can be any name), you need to apply that specific method name (authentication & authorisation) to the access line(s) specifically.

Edited: this should work without any access-line configuration apart from allowing the transport method of access (ssh/telnet etc.).

Example 2
aaa new-model
aaa authentication login default local
aaa authorization console
aaa authorization exec default local if-authenticated



Kind Regards
Paul

I don't quite get the difference between authentication and authorization.

Why was authentication initially used for username admin then later authorization was added?

Hello
AAA Authorisation allows you to work on the device, providing you the privilege to use the features you have been authorised to use. Without specifying it in an AAA method list (excluding the default), you will not be able to use the features associated with that method.



Kind Regards
Paul

@paul driver is correct.
You need to config authz; otherwise you need to use the enable password to go to priv 15.

MHM
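
The point the replies converge on, as an added example (not code from any poster or from Cisco): a small Python audit that reads a config and reports, per line, whether an exec authorization method list is in place so that the username's privilege level gets applied. The function names, messages and sample configs are constructed for illustration; it assumes `show running-config` layout with `aaa new-model` enabled.

```python
def parse(config):
    """Split config into global aaa commands and {line header: [sub-commands]}."""
    aaa, lines, current = [], {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text == "!":
            continue
        if text.startswith("line "):
            current = lines.setdefault(text, [])
        elif raw[0].isspace() and current is not None:
            current.append(text)
        else:
            current = None
            if text.startswith("aaa "):
                aaa.append(text)
    return aaa, lines

def audit(config):
    """Map each line block to 'ok' or to why the username privilege is not applied."""
    aaa, lines = parse(config)
    exec_lists = {c.split()[3] for c in aaa if c.startswith("aaa authorization exec ")}
    result = {}
    for header, cmds in lines.items():
        authz, level = "default", None  # a line that names no list uses "default"
        for c in cmds:
            if c.startswith("authorization exec "):
                authz = c.split()[2]
            elif c.startswith("privilege level "):
                level = c.split()[2]
        if level is not None:
            result[header] = f"line-level 'privilege level {level}' is configured"
        elif authz not in exec_lists:
            result[header] = f"no 'aaa authorization exec {authz}' method list"
        elif header.startswith("line con") and "aaa authorization console" not in aaa:
            result[header] = "missing 'aaa authorization console'"
        else:
            result[header] = "ok"
    return result

# Constructed samples (assumed: show running-config layout, aaa new-model enabled).
ORIGINAL = """aaa new-model
aaa authentication login console local
line con 0
 login authentication console
line vty 0 4
 transport input ssh
"""
FIXED = ("aaa authorization console\naaa authorization exec console local if-authenticated\n"
         + ORIGINAL.replace("line con 0\n", "line con 0\n authorization exec console\n"))
print(audit(ORIGINAL), audit(FIXED), sep="\n")
```

In the fixed sample the console passes while `line vty 0 4` is still reported, because only a method list named `console` exists and the vty falls back to `default`.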