
USERNAME WITH PRIVILEGE 15

estelamathew
Level 2

Hello Dears,

I have created a user with the command "username cisco privilege 15 password cisco". When he telnets to the switch, he is asked for the enable secret password. Why?

Thanks

24 Replies

lgijssel
Level 9

Hello Estela,

Can you please post a capture of the login dialog?

It would help to see where exactly this situation occurs.

Please also provide the config lines involved and the platform on which you are having this issue.

(pix/asa, router or switch) eventually including version info.

regards,

Leo

Hello,

Please find the attached configs.

login as: cwlms
cwlms@192.168.4.250's password:

SWITCH>en
Password:

Thanks

The attachment is in queued state and cannot be opened.

Still I think you may be missing some aaa config lines.

Can you fix or retry the attachment?

regards

Leo

Nagaraja Thanthry
Cisco Employee

Hello,

By default the VTY lines have a privilege level of "0". Please try the following:

line vty 0 4
 privilege level 15
 exit

Now, if you login, you should be able to get directly into the enable mode.

Hope this helps.

Regards,

NT

Hello,

This will allow everybody in at privilege 15? I don't want everybody to have access at level 15; I have certain users on different privilege levels.

Thanks

Do you have any "aaa" configuration on the switch, or are you just using login local under the line vty?

Can you try to paste the line configuration here? It seems that there is a problem with the attached config.

Dan

Hello,

The user privilege takes precedence over the line privilege. So, if the user has a lower privilege level, that should override the line privilege.

Hope this helps.

Regards,

NT

Yes, but if it has aaa authorization, it is normal to check the enable even if there is any default privilege.

Dan

Hello,

No, the user level doesn't take precedence. I tried just now; it put the level 2 user in level 15 as well.

There is no AAA; it is local authentication.

line con 0
line vty 0 4
 access-class YOU_ME in
 exec-timeout 5 0
 password 7 08364D5D1D1C1216060E1E25
 login local
 transport input ssh
line vty 5 15
 exec-timeout 5 0
 no login
 transport input ssh

Local authentication is one thing but assigning a privilege level falls under authorization.

Please check this link on aaa, I hope this will enable you to configure a solution.

http://www.cisco.com/en/US/docs/security/asdm/6_2/user/guide/aaasetup.html#wp1284305

It should be something like:

aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local

but then without the radius stuff.

regards,

Leo
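
Added example, not part of the thread and not Cisco tooling: a small Python audit that reports the settings debated above in a running-config (line-level "privilege level", "no login", type 7 line passwords, privilege 15 users, and whether "aaa authorization exec" is present). The sample config is constructed from the posted line configuration with hypothetical usernames and placeholder secrets, and the script assumes sub-commands keep their leading-space indentation as in "show running-config" output.

```python
import re

# Constructed sample: the line configuration posted in the thread plus
# hypothetical username lines; secrets are placeholders, not real values.
SAMPLE = """\
username admin privilege 15 secret 5 <hash-placeholder>
username oper privilege 2 secret 5 <hash-placeholder>
line con 0
line vty 0 4
 access-class YOU_ME in
 exec-timeout 5 0
 password 7 <type7-placeholder>
 login local
 transport input ssh
line vty 5 15
 exec-timeout 5 0
 no login
 transport input ssh
"""

def audit(config):
    """Return (scope, finding) tuples for the settings debated in the thread."""
    findings, scope = [], "global"
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    for raw in lines:
        cmd = raw.strip()
        if not raw.startswith(" "):  # a top-level command closes any line block
            scope = cmd if cmd.startswith("line ") else "global"
        m = re.match(r"username (\S+) privilege (\d+)", cmd)
        if m and int(m.group(2)) == 15:
            findings.append(("global", f"user {m.group(1)} is privilege 15"))
        if scope == "global":
            continue
        if cmd == "no login":
            findings.append((scope, "no login: line does not require authentication"))
        if cmd.startswith("privilege level "):
            findings.append((scope, f"line default {cmd}"))
        if re.match(r"password 7 ", cmd):
            findings.append((scope, "type 7 password is reversible obfuscation"))
    # Exact match, so "no aaa new-model" is not counted as AAA being enabled.
    has_aaa = any(l.strip() == "aaa new-model" for l in lines)
    has_exec = any(l.strip().startswith("aaa authorization exec") for l in lines)
    if not (has_aaa and has_exec):
        findings.append(("global", "aaa authorization exec not configured"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit(SAMPLE):
        print(f"[{scope}] {finding}")
```
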

Hi Leo ,

Here it is :

Router#sh run | i aaa
no aaa new-model
Router#
Router#
Router#sh run | b line
line con 0
login local
line aux 0
line vty 0 4
!
!
end

Router#sh run | i user
username c privilege 15 secret 5 $1$k/W8$yvjhRXM7TQDaRhQGLanSR1
Router#

Router#exi

Router con0 is now available

Press RETURN to get started.

User Access Verification

Username: c
Password:
Router#sh priv
Current privilege level is 15
Router#

Dan

Hello Leo,

It can be done without AAA also.

I have 1 switch in my network on which I'm accessing privilege (#) mode directly.

Thanks

It can be done without an AAA server, but you need something similar to the few lines proposed to make it work with local authentication/authorization. This is because you normally log in to level 1 and then need the additional enable pw to go to level 15. You want to modify the default behavior, and this requires additional config.

regards,

Leo

Hi Leo,

It can be done without an AAA-server but you need something similar to the few lines proposed to make it work with local authentication/authorization

I already did it like the OP without any problem, but on some platforms/IOS it didn't work, so it can be done without AAA.

Regards.

Alain.

Don't forget to rate helpful posts.