Cisco AAA Privilege Level Configuration ??

Unanswered Question
Mar 25th, 2007

Hi All

I am trying to configure AAA privilege levels on a local-based router (not using TACACS or RADIUS) using AAA, with the following command lines:

aaa new-model

aaa authentication login default local

aaa authorization exec default local

username john privilege 9 password 0 doe

username mark privilege 6 password 0 six

username poweruser privilege 15 password poweruser

privilege exec level 6 show running

privilege exec level 8 configure terminal

As per the above configuration, john will have the rights to execute sh run and conf t and more, and mark will have only rights to sh run and will not be able to execute conf t... but even after setting the privilege, mark is able to execute conf t.

Any help and suggestions will be greatly appreciated.

sundar.palaniappan Mon, 03/26/2007 - 12:25

Your config works fine in my lab router. Here it is...

R1#show run | i aaa|user|pri

aaa new-model

aaa authentication login default local

aaa authorization exec default local

aaa session-id common

username john privilege 9 password 0 doe

username mark privilege 6 password 0 six

username poweruser privilege 15 password 0 poweruser

privilege exec level 8 configure terminal

privilege exec level 8 configure

privilege exec level 6 show running-config

privilege exec level 6 show

R1#172.30.1.11

Trying 172.30.1.11 ... Open

User Access Verification

Username: john

Password:

R1#config t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#exit

R1#ex

*Mar 4 14:59:20: %SYS-5-CONFIG_I: Configured from console by john on vty0 (172.

30.1.11)it

[Connection to 172.30.1.11 closed by foreign host]

R1#172.30.1.11

Trying 172.30.1.11 ... Open

User Access Verification

Username: mark

Password:

R1#config t

^

% Invalid input detected at '^' marker.

R1#show run

Building configuration...

:)

If you are still having problems, remove aaa completely, put the config back in, and check.

HTH

Sundar
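
The privilege-level behaviour shown in the lab session above, as an added example that is not part of either post: a Python script that reads the configuration lines from the reply and lists which re-levelled commands each local user can run, on the rule that a user can run a command whose level is at or below their own. The function names are hypothetical; the script also lists users whose password is stored as type 0 (unencrypted), which is how every account on this page is configured.

```python
import re

# Lines copied from the `show run` output in the reply above.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default local
aaa authorization exec default local
username john privilege 9 password 0 doe
username mark privilege 6 password 0 six
username poweruser privilege 15 password 0 poweruser
privilege exec level 8 configure terminal
privilege exec level 8 configure
privilege exec level 6 show running-config
privilege exec level 6 show
"""

USER_RE = re.compile(
    r"^username (\S+)(?: privilege (\d+))? (password|secret)(?: (\d+))? \S+")
PRIV_RE = re.compile(r"^privilege exec level (\d+) (.+)$")

def parse(config):
    """Return ({user: (level, cleartext?)}, {command: level}) from config text."""
    users, commands = {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := USER_RE.match(line):
            name, level, kind, ptype = m.groups()
            # IOS assigns privilege level 1 when none is configured.
            # A "password" of type 0 (or with no type given) is stored unencrypted.
            clear = kind == "password" and ptype in (None, "0")
            users[name] = (int(level or 1), clear)
        elif m := PRIV_RE.match(line):
            commands[m.group(2)] = int(m.group(1))
    return users, commands

def access_matrix(config):
    """Map each user to the re-levelled commands at or below their level."""
    users, commands = parse(config)
    return {name: sorted(c for c, lvl in commands.items() if lvl <= level)
            for name, (level, _) in users.items()}

def cleartext_users(config):
    """Users whose password is stored in cleartext (type 0)."""
    return sorted(n for n, (_, clear) in parse(config)[0].items() if clear)

if __name__ == "__main__":
    for user, cmds in access_matrix(SAMPLE_CONFIG).items():
        print(f"{user}: {cmds}")
    print("cleartext passwords:", cleartext_users(SAMPLE_CONFIG))
```

Run against a saved copy of a router's configuration, the matrix shows at a glance whether a level 6 account such as mark can reach `configure terminal`.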
