Solved: Re: when i ssh in not going straight into enable mode - Page 2

robertkwild · ‎02-26-2024

hi all,

so this is what it looks like when i ssh in the switch, as you can see i need to go into "enable mode"

login as: admin
Keyboard-interactive authentication prompts from server:
| Password:
End of keyboard-interactive prompts from server
4510MCR01>enable
Password:
4510MCR01#

but i have made it so my user auto goes into run mode 15 ie read/write, il show you in "sh run"

username admin privilege 15 secret 5

anything else i need to do for my user to go straight in enable mode

thanks,

rob

robertkwild · ‎02-26-2024

i get you now balaji, so user1 is just a basic but balaji is privilege 15 so when he ssh's in he will go to enable mode automatically

MHM Cisco World · ‎02-26-2024

Hope you can answer ASAP

Add privilege level 15 to both vty line group 0-4 and 5-15 and test user with privilege 1 and let see reuslt

Add privilege under vty is not correct from my view

Waiting your reply

MHM

robertkwild · ‎02-26-2024

not good at all

login as: user01
Keyboard-interactive authentication prompts from server:
| Password:
End of keyboard-interactive prompts from server
4510MCR01#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
4510MCR01(config)#

il delete the priv lines under my vty then

MHM Cisco World · ‎02-26-2024

I dont get your last reply
but can you check the lab I share above

MHM

robertkwild · ‎02-26-2024

login as: admin
Keyboard-interactive authentication prompts from server:
| Password:
End of keyboard-interactive prompts from server
4510MCR01>enable
Password:
4510MCR01#sh priv
Current privilege level is 15

MHM Cisco World · ‎02-26-2024

Sorry again I dont get your reply

Last test you share when you add aaa authz exec or priv level under vty?

If it after use aaa authz exec' can you add user name it cisco with priv 15 and check.

MHM

robertkwild · ‎02-26-2024

ive deleted under the "vty lines" priv level 15 as that gave every user exec mode ie enable mode

ive added

aaa new-model
!
!
aaa authorization exec defualt local
!
!
!
!
!
!
aaa session-id common

as you can see my admin user is priv 15 but when i login i dont get enable by default, evertime i need to enable manually

MHM Cisco World · ‎02-26-2024

Ok'

Remove privilege from both vty group' you dont know which group user access into.

Then

Add

Username cisco privilege 15 password cisco

Username viewer privilege 1 password viewer

Username viewer2 privilege 5 password viewer2

Test three these user' dont use admin' in my lab I face also issue with user name admin.

Thanks for reply

MHM

robertkwild · ‎02-27-2024

solved it

aaa new-model
aaa authentication login default local 
aaa authorization exec default local

now admin auto logs in as enable mode and when i set a new user ie

username user secret password

when i log in as that user i dont get auto enable mode so it works!

MHM Cisco World · ‎02-27-2024

You are so welcome

thanks for update me

this accept solution from my view

Have a nice day

MHM