ASA - Directly to Privilege Mode

Unanswered Question
Oct 13th, 2008
User Badges:


As we know in Routers, we create a local Username/password and configure the vty line with "privilege level 15" command and the user will go directly to priv mode.

how can we do this in ASA/FWSM??? I have done AAA and also Local U&P, the users gets authenticated and goes to user mode and again we have to type the enable mode password to proceed...

Is there any command in ASA, which does the same function as "pri lev 15" in Cisco IOS.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
satish_zanjurne Mon, 10/13/2008 - 01:59
User Badges:
  • Silver, 250 points or more


Use following commands

"username xxxxxx password yyyyyyyy privilege 15"

Default privilege level is 2

HTH...rate if helpful..

jafarsadiq Mon, 10/13/2008 - 07:55
User Badges:

Dear Mr.Satish,

Thanks a lot for your reply... I tried doing this and it didnt work.. Moreover, we need to add local aaa group for the firewall to prompt username/password during telnet session... I have done those and it still goes to usermode only.

Also, if you authenticate the username/password from MS AD using ACS server, how can we give privilege 15 to that particular user.

Kindly comment..

thanx, Mr.Satish

acomiskey Mon, 10/13/2008 - 08:06
User Badges:
  • Green, 3000 points or more

Do you have this?

aaa authentication telnet console LOCAL

jafarsadiq Mon, 10/13/2008 - 08:16
User Badges:

Dear Mr.Adam,

Great to see you replying my post...

Yes.. I have done this command and tried and it didnt work. then, i tried the other command too (enable console LOCAL) (Just to make sure)

aaa authentication telnet console LOCAL

aaa authentication enable console LOCAL

username test password test pri 15

Still, it stops me in Usermode.. Perhaps, should i try to remove that enable/telnet password and leaving only these commands???

Thanx, Mr.Adam

ajagadee Mon, 10/13/2008 - 08:59
User Badges:
  • Cisco Employee,

Hello Hameed,

It is my understanding that what you are trying to do on the ASA is not possible. Atleast, that is my experience with ASA and 7.0 code. I tried this in the lab long time ago, when ASA and 7.0 was released.

I would be interested to take a look at your configuration/setup, in case you tweak something and get this working.



** Please rate all helpful posts **


This Discussion