RE: Privilege access from console vs. telnet

From: Schulz, Dave (DSchulz@dpsciences.com)
Date: Tue Oct 11 2005 - 12:27:20 GMT-3


Yes. Here is what I added to the changes.....

hostname R2
!
aaa new-model
aaa authentication username-prompt And_You_Are
aaa authentication login default local-case
aaa authentication login exec enable
aaa authentication login vty local
aaa authentication login con local
aaa authorization exec default local
enable password cisco
!
username cisco privilege 15 password 0 cisco
username ddd privilege 7 password 0 ttt
username test7 privilege 7 password 0 test7
!
!
interface Loopback0
 ip address 20.20.20.20 255.255.255.0
!
!
interface Serial0
 ip address 192.168.1.2 255.255.255.0
 no fair-queue
!
!
privilege exec level 7 show
!
line con 0
 logging synchronous
 login authentication con
line aux 0
line vty 0 4
 password cisco
 logging synchronous
!

Dave Schulz, CCDP, CCNP, CCSP
Project Manager / TAC Supervisor
Data Processing Sciences Corporation
10810 Kenwood Road
Cincinnati, Ohio 45242
Phone - (513) 791-7100 ext.7411
Fax - (513) 791-4676
Email: dschulz@dpsciences.com

-----Original Message-----
From: Ian Stong [mailto:istong@stong.org]
Sent: Tuesday, October 11, 2005 11:19 AM
To: Schulz, Dave; ccielab@groupstudy.com
Subject: RE: Privilege access from console vs. telnet

Dave,

Did you add login authentication vty or similar to the console port?

Ian - CISSP
http://www.ccie4u.com
Rack Rentals and Lab Scenarios starting at only $12

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Schulz, Dave
Sent: Tuesday, October 11, 2005 11:10 AM
To: istong@stong.org; ccielab@groupstudy.com
Subject: RE: Privilege access from console vs. telnet

Ian -

Thanks for taking a look at this one. I removed the privilege level and
added the aaa authentication login vty local, and I still get the same
results. It appears that the vty is working correctly both ways. Only
the console appears to be the issue, as if the aaa is not affected by
anything having to do with privileges. Very strange!

Dave Schulz,
Email: dschulz@dpsciences.com

-----Original Message-----
From: Ian Stong [mailto:istong@stong.org]
Sent: Tuesday, October 11, 2005 10:45 AM
To: Schulz, Dave; ccielab@groupstudy.com
Subject: RE: Privilege access from console vs. telnet

Seems from your config you have priv level 15 on the line and console so I
would expect that users get level 15 once on. Suggest removing that command
from both the line vty 0 4 and console and then adding login authentication
vty

Sample of other commands:

aaa new-model
aaa authentication login default local
aaa authentication login vty local
aaa authentication login exec enable
aaa authorization exec default local
aaa authorization commands 7 default local
aaa authorization commands 15 default local

Thanks,

Ian
www.ccie4u.com
Rack Rentals and Lab Scenarios starting at only $12

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Schulz, Dave
Sent: Tuesday, October 11, 2005 10:21 AM
To: ccielab@groupstudy.com
Subject: Privilege access from console vs. telnet

Group -

I am having an issue working with some of the privilege commands. See
the below configuration.....This works correctly when using telnet to the
router (access to priv 7 and 15 levels). However, I cannot get the
access to the console to work as it should. Privilege level 7 users go
directly into level 15 privilege level. Any thoughts?

version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R2
!
aaa new-model
aaa authentication username-prompt And_You_Are
aaa authentication login default local-case
aaa authorization exec default local
enable password cisco
!
username cisco privilege 15 password 0 cisco
username ddd privilege 7 password 0 ttt
username test7 privilege 7 password 0 test7
!
interface Loopback0
 ip address 20.20.20.20 255.255.255.0
!
interface Serial0
 ip address 192.168.1.2 255.255.255.0
 no fair-queue
!
privilege exec level 7 show
!
line con 0
 privilege level 15
 password cisco
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 password cisco
 logging synchronous
!
end

R2#

Dave Schulz,
Email: dschulz@dpsciences.com
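Added example, not from any poster in this thread and not Cisco code: a small Python audit that parses an IOS running-config and reports the line-level settings the thread argues about (a `privilege level` set on `line con 0` / `line vty 0 4`, a `login authentication` list that a line names but the config never defines, and lists that are defined but applied to no line). It also flags one point the thread does not state and that I am adding as IOS behaviour: `aaa authorization exec` is applied to vty sessions but not to the console unless `aaa authorization console` is configured, so a console login takes the line's own privilege level instead of the one on the `username` command. The two sample configs are trimmed copies of Dave's original and revised postings above.

```python
"""Audit an IOS config for console/vty privilege-level interactions.

Added example; not Cisco code and not from the thread. The check that exec
authorization needs 'aaa authorization console' to run on the console is IOS
behaviour stated here by the example's author, not by any poster.
"""
import re
from typing import Dict, List, Optional, Tuple

Finding = Tuple[str, str, str]  # (stanza or "global", finding code, explanation)

_LINE_RE = re.compile(r"^line (con|aux|vty) \S.*$")


def parse_ios(config: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Split a config into global commands and 'line' stanzas.

    Sub-commands are the space-indented lines after a 'line ...' header; a
    '!', a blank line or any unindented command ends the stanza. Indented
    lines under other blocks (interfaces and so on) are ignored.
    """
    global_cmds: List[str] = []
    stanzas: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text == "!":
            current = None
            continue
        if raw.startswith(" "):
            if current is not None:
                stanzas[current].append(text)
            continue
        if _LINE_RE.match(text):
            current = text
            stanzas[current] = []
        else:
            current = None
            global_cmds.append(text)
    return global_cmds, stanzas


def _arg(cmds: List[str], prefix: str) -> Optional[str]:
    """Last word of the first sub-command that starts with prefix, if any."""
    for c in cmds:
        if c.startswith(prefix):
            return c.split()[-1]
    return None


def audit(config: str) -> List[Finding]:
    global_cmds, stanzas = parse_ios(config)
    findings: List[Finding] = []
    login_lists = {g.split()[3] for g in global_cmds
                   if g.startswith("aaa authentication login ")}
    exec_authz = any(g.startswith("aaa authorization exec ") for g in global_cmds)
    console_authz = "aaa authorization console" in global_cmds
    applied = set()  # method lists that some line actually uses

    for name, cmds in stanzas.items():
        level = _arg(cmds, "privilege level ")
        if level is not None:
            findings.append((name, "line-privilege",
                             f"every login on this line starts at level {level}; "
                             "the username's own privilege only wins if exec "
                             "authorization runs on this line"))
        auth = _arg(cmds, "login authentication ")
        applied.add(auth if auth is not None else "default")
        if auth is not None and auth not in login_lists:
            findings.append((name, "undefined-list",
                             f"'login authentication {auth}' names an undefined list"))
        if name.startswith("line con") and exec_authz and not console_authz:
            findings.append((name, "console-no-exec-authz",
                             "aaa authorization exec is configured but does not "
                             "apply to the console without 'aaa authorization console'"))

    for unused in sorted(login_lists - applied):
        findings.append(("global", "unused-list",
                         f"login list '{unused}' is defined but no line uses it"))
    return findings


# Trimmed copies (constructed sample input) of the two configs posted above.
ORIGINAL_CONFIG = """\
aaa new-model
aaa authentication login default local-case
aaa authorization exec default local
username ddd privilege 7 password 0 ttt
privilege exec level 7 show
!
line con 0
 privilege level 15
 password cisco
line aux 0
line vty 0 4
 privilege level 15
 password cisco
!
"""

REVISED_CONFIG = """\
aaa new-model
aaa authentication login default local-case
aaa authentication login exec enable
aaa authentication login vty local
aaa authentication login con local
aaa authorization exec default local
username ddd privilege 7 password 0 ttt
!
line con 0
 login authentication con
line aux 0
line vty 0 4
 password cisco
!
"""

if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL_CONFIG), ("revised", REVISED_CONFIG)):
        print(f"== {label} ==")
        for where, code, why in audit(cfg):
            print(f"{where}: [{code}] {why}")
```

Run against the original config it reports `line-privilege` on both the console and the vty lines plus `console-no-exec-authz`; against the revised config the line-level privilege findings disappear, the console finding remains, and the `exec` and `vty` lists show up as defined but unused, because the vty lines still fall through to the `default` list.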



This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:50 GMT-3