RE: Priviliedge Level on routers

From: mikenoc@mindspring.com
Date: Sun Oct 09 2005 - 03:47:09 GMT-3

• Next message: Anh P Tran: "RE: Priviliedge Level on routers"
• Previous message: Private Ryan: "Re: rate-limit vs. police"
• Maybe in reply to: mikenoc@mindspring.com: "Priviliedge Level on routers"
• Next in thread: Anh P Tran: "RE: Priviliedge Level on routers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

 I havent changed the privilidge Level for the username I am using. I simply added the username like below. Do you see anything that you did differently ?

conf t
username mike password cisco
end
wr

SW1#sh run | i user
username mike password 0 mike
SW1#

-----Original Message-----
From: "Schulz, Dave" <DSchulz@dpsciences.com>
Sent: Oct 8, 2005 10:51 AM
To: kevin gannon <kevin@gannons.net>, nobody@groupstudy.com, mikenoc@mindspring.com
Cc: ccielab@groupstudy.com
Subject: RE: Priviliedge Level on routers

Using the aaa commands, you will need to add the aaa new-model. If you don't
use the aaa, you could use the commands for the vty that you currently have
listed. Since you have the privilege level 15 under the vty 0 4....this
should put you directly int privileged mode (#). I have done this and it goes
right to priv mode. Are you changing the privilege levels of user "mike" in
the username/password command line maybe?

Dave

-----Original Message-----
From: nobody@groupstudy.com
To: mikenoc@mindspring.com
Cc: ccielab@groupstudy.com
Sent: 10/8/2005 6:36 AM
Subject: Re: Priviliedge Level on routers

Mike
Did some testing and if you dont use a local username/password but
just have

line vty 0 4
login
priv 15

This works fine however with local username it doesnt work like that.
So below is my solution using AAA without a TACACS/RADIUS
server:

aaa authentication login default local
aaa authorization exec default none
aaa session-id common
ip subnet-zero
!
line vty 0 4
 privilege level 15

It works fine for me. Your mileage might vary depending on what
else you need AAA to do for you.

Regards
Kevin

On 10/8/05, mikenoc@mindspring.com <mikenoc@mindspring.com> wrote:
> Hello,
>
> I am trying to practice setting the default prividge level for all
users who log into a router. I think there may be a way to do this
withought specifying the prividge level per username. I tried using the
below command under the vty lines and it does not seem to work. I set
privilege level 15 in this example and when telneting from another
router it is in user exec mode not priviledged. Is there a way to
acomplish what I am trying to do withought using TACACS ?
>
> Thanks,
>
> Mike F.
>
>
> /line vty
> filtering...
> line vty 0 4
> exec-timeout 0 0
> privilege level 15 <------ Set the command
> login local
> line vty 5 15
> login
> !
> end
>
> SW1#
>
> R1#telnet 1.1.7.7
> Trying 1.1.7.7 ... Open
>
>
> User Access Verification
>
> Username: mike
> Password:
> SW1>conf t
> ^
> % Invalid input detected at '^' marker.
>
> SW1>exit
>
> [Connection to 1.1.7.7 closed by foreign host]
> R1#
>
>

• Next message: Anh P Tran: "RE: Priviliedge Level on routers"
• Previous message: Private Ryan: "Re: rate-limit vs. police"
• Maybe in reply to: mikenoc@mindspring.com: "Priviliedge Level on routers"
• Next in thread: Anh P Tran: "RE: Priviliedge Level on routers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:49 GMT-3