RE: Priviliedge Level on routers

From: Schulz, Dave (DSchulz@dpsciences.com)
Date: Sun Oct 09 2005 - 20:37:18 GMT-3


Actually, I did some experimenting in the lab on this. You have 3 ways to get
into privilege level 15 directly on the line. First, if you use aaa, you
can do this with simply the username/password. Secondly, if you use the
"login" under the line, this will put you directly into privilege. Finally
(which is what you are trying to do in your original email), you will need
to add the privilege level to the username/password command. Here is the
config that works:

username mike privilege 15 password 0 cisco
!
!
line con 0
 privilege level 15
 password cisco
 login local
line aux 0
line vty 0 4
!
end

Dave

-----Original Message-----
From: mikenoc@mindspring.com
To: Schulz, Dave; kevin gannon; nobody@groupstudy.com
Cc: ccielab@groupstudy.com
Sent: 10/9/2005 2:47 AM
Subject: RE: Priviliedge Level on routers

I haven't changed the privilege level for the username I am using. I
simply added the username like below. Do you see anything that you did
differently?

conf t
username mike password cisco
end
wr

SW1#sh run | i user
username mike password 0 mike
SW1#

-----Original Message-----
From: "Schulz, Dave" <DSchulz@dpsciences.com>
Sent: Oct 8, 2005 10:51 AM
To: kevin gannon <kevin@gannons.net>, nobody@groupstudy.com,
mikenoc@mindspring.com
Cc: ccielab@groupstudy.com
Subject: RE: Priviliedge Level on routers

Using the aaa commands, you will need to add the aaa new-model. If you don't
use the aaa, you could use the commands for the vty that you currently have
listed. Since you have the privilege level 15 under the vty 0 4, this
should put you directly into privileged mode (#). I have done this and it goes
right to priv mode. Are you changing the privilege levels of user "mike" in
the username/password command line maybe?

Dave

-----Original Message-----
From: nobody@groupstudy.com
To: mikenoc@mindspring.com
Cc: ccielab@groupstudy.com
Sent: 10/8/2005 6:36 AM
Subject: Re: Priviliedge Level on routers

Mike
Did some testing and if you don't use a local username/password but
just have

line vty 0 4
login
priv 15

This works fine, however with a local username it doesn't work like that.
So below is my solution using AAA without a TACACS/RADIUS server:

aaa authentication login default local
aaa authorization exec default none
aaa session-id common
ip subnet-zero
!
line vty 0 4
 privilege level 15

It works fine for me. Your mileage might vary depending on what
else you need AAA to do for you.

Regards
Kevin

On 10/8/05, mikenoc@mindspring.com <mikenoc@mindspring.com> wrote:
> Hello,
>
> I am trying to practice setting the default privilege level for all
> users who log into a router. I think there may be a way to do this
> without specifying the privilege level per username. I tried using the
> below command under the vty lines and it does not seem to work. I set
> privilege level 15 in this example and when telnetting from another
> router it is in user exec mode, not privileged. Is there a way to
> accomplish what I am trying to do without using TACACS?
>
> Thanks,
>
> Mike F.
>
>
> /line vty
> filtering...
> line vty 0 4
> exec-timeout 0 0
> privilege level 15 <------ Set the command
> login local
> line vty 5 15
> login
> !
> end
>
> SW1#
>
> R1#telnet 1.1.7.7
> Trying 1.1.7.7 ... Open
>
>
> User Access Verification
>
> Username: mike
> Password:
> SW1>conf t
> ^
> % Invalid input detected at '^' marker.
>
> SW1>exit
>
> [Connection to 1.1.7.7 closed by foreign host]
> R1#
>
>
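
An added example, not part of the original thread: a small Python audit that encodes the three behaviours the posters report (line password with `login`, `login local`, and the AAA variant) and lists, per line, who lands at privilege level 15 straight after login. The function name, the sample config and the default user level of 1 are assumptions; the rules follow what was observed in the thread, not Cisco documentation.

```python
import re

# Constructed sample: the vty stanza from the original question, one user with
# "privilege 15" as in the working config, and a console on the line password.
SAMPLE = """\
username mike password 0 cisco
username admin privilege 15 password 0 cisco
line con 0
 privilege level 15
 password cisco
 login
line vty 0 4
 privilege level 15
 login local
line vty 5 15
 login
"""

def level15_at_login(config):
    """Map each line stanza to who lands at privilege 15 right after login."""
    # AAA variant from the thread: with both commands present, the line level applies.
    aaa = all(re.search(rf"^{cmd}\s*$", config, re.M) for cmd in (
        "aaa authentication login default local",
        "aaa authorization exec default none"))
    # "username X [privilege N] ..."; a user without the keyword is assumed level 1.
    users = {m[1]: int(m[2] or 1) for m in
             re.finditer(r"^username (\S+)(?: privilege (\d+))?", config, re.M)}
    stanzas, name = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            name = raw.strip()
        elif not raw.startswith(" "):
            name = None                      # a global command ends the stanza
        if name:
            stanzas.setdefault(name, []).append(raw.strip())
    report = {}
    for name, cmds in stanzas.items():
        levels = [int(m[1]) for c in cmds if (m := re.match(r"privilege level (\d+)", c))]
        line15 = levels[-1:] == [15]
        if aaa:                              # every local user inherits the line level
            who = sorted(users) if line15 else []
        elif "login local" in cmds:          # the username's own level decides
            who = sorted(u for u, p in users.items() if p == 15)
        else:                                # line password: the line level decides
            who = ["<line password>"] if line15 and "login" in cmds else []
        report[name] = who
    return report

if __name__ == "__main__":
    print(level15_at_login(SAMPLE))
```

Run against a saved `show running-config`, any line reporting `<line password>` or a long user list is one where a single shared or low-value credential yields full privilege.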


