Re: user privileges in C9200

Leftz · ‎01-05-2023

Hi I want to show the user privilege level in Catalyst9200 switch. But the command show privilege cannot work, meaning privilege cannot be typed. how do you think about it? Thanks

NDC-R1>show privilege

Current privilege level is 1

NDC-R1>?

MHM Cisco World · ‎01-05-2023

check command in the exec mode not in user mode
user mode >
exec mode #

balaji.bandi · ‎01-05-2023

This post reminds me of my old studies of 15 years back -

> - User EXEC mode
# - Privileged EXEC mode
(config)# - Configuration mode (notice the # sign indicates this is accessible only at privileged EXEC mode)
(config-if)# - Interface level within configuration mode
(config-router)# - Routing engine level within configuration mode
(config-line)# - Line level (vty, tty, async) within configuration mode

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World · ‎01-05-2023

I config two username
MHM1 with prev 15
MHM2 without prev config
and you can see the MHM1 can access to conf t prev 15 but
MHM2 can not access without enable password.

so there is something here I think you use the AAA not local username/password

balaji.bandi · ‎01-05-2023

user can directly go to # (because your VTY like configured with that)

line con 0
privilege level 15

or Line vty 1 4 have same statement

here good explanation (rather we post same information here)

https://study-ccna.com/cisco-privilege-levels/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Leftz · ‎01-05-2023

@MHM Cisco World you have the same result as mine. but vty is NOT associated with aaa

@balaji.bandi I see the link you sent. I think he used device with earlier version. the device I use is c9200/17.6. his admin3 is in level 1 after using command username admin2 secret without privilege , while my admin2 is in 15

MHM Cisco World · ‎01-05-2023

but you mention admin2 have privilege 15 ?
for my lab the MHM2 can not direct access to privilege 15 unless he enter enable password.

balaji.bandi · ‎01-05-2023

that is set an example for you to understand.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Leftz · ‎01-05-2023

Yes, my admin1 and admin2 have same privilege 15. same as yours. the question is why same privilege(15) has different behavior

MHM Cisco World · ‎01-05-2023

but I dont have same,
MHM1 can access directly
MHM2 must enter enable to access privilege 15.

Leftz · ‎01-05-2023

Yes yes .. same result

the difference between admin1 and admin2 is admin1 can access to # mode without enable password and admin2 need enable password. that is different behavior. after entering # mode, both show same privilege level --15

MHM Cisco World · ‎01-05-2023

Oh, Now I see,
Yes both must show privilege 15, the MHM1 because it have privilege 15 and MHM2 because it enter enable password
if you want to make
MHM2 have different privilege you can
username MHM2 privilege 5
this make MHM2 enter to exec mode directly but not enter to exec mode privilege level 15 but level 5
but also to make MHM2 enter to exec mode privilege level 15 we can enable with password and get this level.