02-26-2024 07:50 AM
hi all,
so this is what it looks like when i ssh in the switch, as you can see i need to go into "enable mode"
login as: admin
Keyboard-interactive authentication prompts from server:
| Password:
End of keyboard-interactive prompts from server
4510MCR01>enable
Password:
4510MCR01#
but i have made it so my user auto goes into run mode 15 ie read/write, il show you in "sh run"
username admin privilege 15 secret 5
anything else i need to do for my user to go straight in enable mode
thanks,
rob
Solved! Go to Solution.
02-26-2024 08:44 AM
i get you now balaji, so user1 is just a basic but balaji is privilege 15 so when he ssh's in he will go to enable mode automatically
02-26-2024 09:21 AM
Hope you can answer ASAP
Add privilege level 15 to both vty line group 0-4 and 5-15 and test user with privilege 1 and let see reuslt
Add privilege under vty is not correct from my view
Waiting your reply
MHM
02-26-2024 09:34 AM
not good at all
login as: user01
Keyboard-interactive authentication prompts from server:
| Password:
End of keyboard-interactive prompts from server
4510MCR01#conf t
Enter configuration commands, one per line. End with CNTL/Z.
4510MCR01(config)#
il delete the priv lines under my vty then
02-26-2024 09:38 AM
I dont get your last reply
but can you check the lab I share above
MHM
02-26-2024 09:52 AM
login as: admin
Keyboard-interactive authentication prompts from server:
| Password:
End of keyboard-interactive prompts from server
4510MCR01>enable
Password:
4510MCR01#sh priv
Current privilege level is 15
02-26-2024 09:57 AM
Sorry again I dont get your reply
Last test you share when you add aaa authz exec or priv level under vty?
If it after use aaa authz exec' can you add user name it cisco with priv 15 and check.
MHM
02-26-2024 10:03 AM
ive deleted under the "vty lines" priv level 15 as that gave every user exec mode ie enable mode
ive added
aaa new-model
!
!
aaa authorization exec defualt local
!
!
!
!
!
!
aaa session-id common
as you can see my admin user is priv 15 but when i login i dont get enable by default, evertime i need to enable manually
02-26-2024 10:09 AM
Ok'
Remove privilege from both vty group' you dont know which group user access into.
Then
Add
Username cisco privilege 15 password cisco
Username viewer privilege 1 password viewer
Username viewer2 privilege 5 password viewer2
Test three these user' dont use admin' in my lab I face also issue with user name admin.
Thanks for reply
MHM
02-27-2024 03:47 AM
solved it
aaa new-model
aaa authentication login default local
aaa authorization exec default local
now admin auto logs in as enable mode and when i set a new user ie
username user secret password
when i log in as that user i dont get auto enable mode so it works!
02-27-2024 03:55 AM
You are so welcome
thanks for update me
this accept solution from my view
Have a nice day
MHM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide