RE: Privilege access from console vs. telnet

From: Ian Stong (istong@stong.org)
Date: Tue Oct 11 2005 - 11:45:28 GMT-3

• Next message: Scott Morris: "RE: Qos question! (Voice)"
• Previous message: Victor Cappuccio: "Re: The rule of Threes. (or also known as "How many ways can I"
• Maybe in reply to: Schulz, Dave: "Privilege access from console vs. telnet"
• Next in thread: Schulz, Dave: "RE: Privilege access from console vs. telnet"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Seems from your config you have priv level 15 on the line and console so I
would expect that users get level 15 once on. Suggest removing that command
from both the line vty 0 4 and console and then adding login authentication
vty

Sample of other commands:

aaa new-model
aaa authentication login default local
aaa authentication login vty local
aaa authentication login exec enable
aaa authorization exec default local
aaa authorization commands 7 default local
aaa authorization commands 15 default local

Thanks,

Ian
www.ccie4u.com
Rack Rentals and Lab Scenarios starting at only $12

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Schulz, Dave
Sent: Tuesday, October 11, 2005 10:21 AM
To: ccielab@groupstudy.com
Subject: Privilege access from console vs. telnet

Group -

I am having an issue working with some of the privilege commands. See
the below configuration.....This works correct when using telnet to the
router (access to priv 7 and 15 levels). However, I cannot get the
access to the console to work as it should. Privilege level 7 users go
directly into level 15 privilege level. Any thoughts?

version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R2
!
aaa new-model
aaa authentication username-prompt And_You_Are
aaa authentication login default local-case
aaa authorization exec default local
enable password cisco
!
username cisco privilege 15 password 0 cisco
username ddd privilege 7 password 0 ttt
username test7 privilege 7 password 0 test7
!
interface Loopback0
 ip address 20.20.20.20 255.255.255.0
!
interface Serial0
 ip address 192.168.1.2 255.255.255.0
 no fair-queue
!
privilege exec level 7 show
!
line con 0
 privilege level 15
 password cisco
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 password cisco
 logging synchronous
!
end

R2#

Dave Schulz,
Email: dschulz@dpsciences.com <mailto:dschulz@dpsciences.com >

• Next message: Scott Morris: "RE: Qos question! (Voice)"
• Previous message: Victor Cappuccio: "Re: The rule of Threes. (or also known as "How many ways can I"
• Maybe in reply to: Schulz, Dave: "Privilege access from console vs. telnet"
• Next in thread: Schulz, Dave: "RE: Privilege access from console vs. telnet"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:50 GMT-3