
login local only getting privilege 1

rsnook

Have other devices that are working just fine, but can't figure why this one will log user in, but only at privilege 1 - requires enable password. Other devices will allow login directly to privilege 15. The only thing I can see is the 'enable secret' is listed on this one. If I no enable secret, I can't get past privilege 1. I know this is going to be something stupid I did... help.

Below is snippet of config

c3560-advipservicesk9-mz.122-44.SE

no service password-encryption
!
enable secret 5 XXXXXX
!
username XXXXXX privilege 15 secret 5 XXXXXX
username XXXXXX privilege 15 secret 5 XXXXXX
username XXXXXX privilege 15 secret 5 XXXXXX
no aaa new-model
!
line con 0
 login local
line vty 0 4
 login local
 transport preferred ssh
 transport input ssh
line vty 5 15
 no login
 transport preferred ssh
 transport input ssh


Edison Ortiz

"c3560-advipservicesk9-mz.122-44.SE"

This code has some authentication issues. I suggest going with SE1 or use the same code the other switches are running.

__

Edison.

Robert

It does not deal with your main question about authenticating to privilege level 15, but I would like to comment about something else. In your config you have this:

line vty 5 15
 no login

Would I be correct in assuming that the no login was intended to keep people from logging in on these vty lines? It seems very logical that this would work for that purpose but it does not. When you configure no login all it does is allow someone to establish a session without needing any password. If you want to prevent use of these vty lines you should configure no exec (or perhaps no transport input).

HTH

Rick
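
Rick's point about no login, as an added example that is not part of the original thread: a small Python check that reads a running-config and reports vty stanzas that carry no login without no exec or a disabled transport input. The function names and the sample config are constructed for illustration, and the check assumes the classic (no aaa new-model) line configuration shown in the question.

```python
# Assumes "show running-config" layout: subcommands indented under each "line" header.

# Constructed sample modelled on the vty stanzas posted in the question.
SAMPLE_CONFIG = """\
no aaa new-model
!
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 no login
 transport input ssh
"""

# Either of these makes a vty line unusable, so "no login" on it is harmless.
# "transport input none" is assumed to be how "no transport input" is displayed.
DISABLERS = {"no exec", "no transport input", "transport input none"}


def parse_line_stanzas(config):
    """Map each 'line ...' header to the list of subcommands beneath it."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        text = " ".join(raw.split())
        if not text:
            continue
        if raw[0].isspace():
            if current is not None:
                stanzas[current].append(text)
        elif text.startswith("line "):
            current = text
            stanzas[current] = []
        else:
            current = None  # any other top-level command ends the stanza
    return stanzas


def open_vty_lines(config):
    """Return vty stanzas that start a session without asking for a password."""
    findings = []
    for header, cmds in parse_line_stanzas(config).items():
        if header.startswith("line vty") and "no login" in cmds:
            if not DISABLERS.intersection(cmds):
                findings.append(header)
    return findings
```

Run against the sample, open_vty_lines reports only line vty 5 15; adding no exec under that stanza clears the finding.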

Nice catch Rick.

Rated - 5

Learn something new every day - thanks!

Upgraded to SE1. Still have same problem. I can connect to exec directly from console using local login, it is just the SSH that is broken. I enable telnet on vty 0 4 and it works.

Console and Telnet login local to privilege 15

SSH login local to privilege 1, requires enable command.

Solved the issue.

On upgrade to new IOS, the authentication method changed for SSH and my client SecureCRT was sending out a modulus of a different size. Apparently a more secure version of IOS as the older version didn't care about order and/or size.

As far as the login privilege; change login to use new aaa model.
