RE: Privilege Level on routers

From: Anh P Tran (anhtran81@optusnet.com.au)
Date: Sun Oct 09 2005 - 04:28:14 GMT-3


Hi Mike,

I tried this from my router and it only works if you enable aaa. Please see
the output from my router.

Before AAA:

Rack1R4(config)#do show run | b line vty 0 4
line vty 0 4
 privilege level 15
 password cisco
 login local
!
!
End

Rack1R4(config)#do telnet 150.1.4.4
Trying 150.1.4.4 ... Open

User Access Verification

Username: cisco
Password:
Rack1R4>show privi
Rack1R4>show privil
Current privilege level is 1

**** AFTER ENABLE AAA ***
Rack1R4>exit

[Connection to 150.1.4.4 closed by foreign host]
Rack1R4(config)#aaa new
Rack1R4(config)#aaa new-model
Rack1R4(config)#do telnet 150.1.4.4
Trying 150.1.4.4 ... Open

User Access Verification

Username: cisco
Password:

Rack1R4#show privi
Current privilege level is 15

Hope this helps

Anh Tran

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
mikenoc@mindspring.com
Sent: Sunday, 9 October 2005 4:47 PM
To: Schulz, Dave; kevin gannon; nobody@groupstudy.com
Cc: ccielab@groupstudy.com
Subject: RE: Privilege Level on routers

I haven't changed the privilege level for the username I am using. I simply
added the username like below. Do you see anything that you did differently?

conf t
username mike password cisco
end
wr

SW1#sh run | i user
username mike password 0 mike
SW1#

-----Original Message-----
From: "Schulz, Dave" <DSchulz@dpsciences.com>
Sent: Oct 8, 2005 10:51 AM
To: kevin gannon <kevin@gannons.net>, nobody@groupstudy.com,
mikenoc@mindspring.com
Cc: ccielab@groupstudy.com
Subject: RE: Privilege Level on routers

Using the aaa commands, you will need to add the aaa new-model. If you don't
use the aaa, you could use the commands for the vty that you currently have
listed. Since you have the privilege level 15 under the vty 0 4....this
should put you directly into privileged mode (#). I have done this and it
goes right to priv mode. Are you changing the privilege levels of user "mike"
in the username/password command line maybe?

Dave

-----Original Message-----
From: nobody@groupstudy.com
To: mikenoc@mindspring.com
Cc: ccielab@groupstudy.com
Sent: 10/8/2005 6:36 AM
Subject: Re: Privilege Level on routers

Mike
Did some testing and if you don't use a local username/password but
just have

line vty 0 4
login
priv 15

This works fine; however, with local username it doesn't work like that.
So below is my solution using AAA without a TACACS/RADIUS
server:

aaa authentication login default local
aaa authorization exec default none
aaa session-id common
ip subnet-zero
!
line vty 0 4
 privilege level 15

It works fine for me. Your mileage might vary depending on what
else you need AAA to do for you.

Regards
Kevin

On 10/8/05, mikenoc@mindspring.com <mikenoc@mindspring.com> wrote:
> Hello,
>
> I am trying to practice setting the default privilege level for all
> users who log into a router. I think there may be a way to do this
> without specifying the privilege level per username. I tried using the
> below command under the vty lines and it does not seem to work. I set
> privilege level 15 in this example and when telnetting from another
> router it is in user exec mode, not privileged. Is there a way to
> accomplish what I am trying to do without using TACACS?
>
> Thanks,
>
> Mike F.
>
>
> /line vty
> filtering...
> line vty 0 4
> exec-timeout 0 0
> privilege level 15 <------ Set the command
> login local
> line vty 5 15
> login
> !
> end
>
> SW1#
>
> R1#telnet 1.1.7.7
> Trying 1.1.7.7 ... Open
>
>
> User Access Verification
>
> Username: mike
> Password:
> SW1>conf t
> ^
> % Invalid input detected at '^' marker.
>
> SW1>exit
>
> [Connection to 1.1.7.7 closed by foreign host]
> R1#
>
>
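
A config check built on the behaviour reported in this thread, as an added example that is not from any of the posters: it parses an IOS running-config and flags vty lines where every authenticated user lands at privilege level 15. The sample configs are constructed, the function names are hypothetical, and the level-1 result for "login local" without AAA assumes the username carries no privilege keyword of its own.

```python
import re

# Constructed sample configs mirroring the "before AAA" and "after AAA"
# states shown in the thread; they are not copied from a real device.
BEFORE_AAA = """\
username cisco password 0 cisco
!
line vty 0 4
 privilege level 15
 password cisco
 login local
!
end
"""
AFTER_AAA = "aaa new-model\n" + BEFORE_AAA

def parse_vty(config):
    """Return (aaa_enabled, {"vty 0 4": {"priv": int, "login": str}, ...})."""
    aaa = bool(re.search(r"^aaa new-model\s*$", config, re.M))
    lines, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if raw.startswith("line "):
            m = re.match(r"line vty \d+(?: \d+)?", raw)
            current = lines.setdefault(m.group(0)[5:], {"priv": 1, "login": "none"}) if m else None
        elif current is not None and raw.startswith(" ") and words:
            if words[:2] == ["privilege", "level"] and len(words) == 3:
                current["priv"] = int(words[2])
            elif words[0] == "login":
                current["login"] = "local" if words[1:] == ["local"] else "line"
        else:
            current = None  # "!" or a new top-level command ends the line block
    return aaa, lines

def landing_level(aaa, line):
    """Privilege level a user lands at, per the behaviour reported in the thread."""
    # Assumption: without AAA, "login local" uses the username's own level,
    # which is 1 when the username has no privilege keyword.
    if not aaa and line["login"] == "local":
        return 1
    return line["priv"]  # line password login, or aaa new-model enabled

def audit(config):
    """Return one finding per vty range where every login lands at level 15."""
    aaa, lines = parse_vty(config)
    return [f"line {name}: any authenticated user lands at privilege 15"
            for name, line in lines.items() if landing_level(aaa, line) == 15]
```

Run against a saved running-config, a non-empty result marks lines where per-user privilege levels or exec authorization would be needed to keep ordinary accounts out of level 15.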


