AAA Authorization Using Local Database

Unanswered Question
Jul 8th, 2009

Hi Guys,

I'm planning to use AAA authorization using local database. I have read already about it, I have configured the AAA new-model command and I have setup user's already. But I'm stuck at the part where I will already give certain user access to certain commands using local database. Hope you can help on this.

FYI: I know using ACS/TACACS+/RADIUS is much more easy and powerful but my company will most likely only use local database.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Jagdeep Gambhir Thu, 07/09/2009 - 07:54

For allowing limited read only access , use this example,

We need these commands on the switch

Switch(config)#do sh run | in priv

username admin privilege 15 password 0 cisco123!

username test privilege 0 password 0 cisco

privilege exec level 0 show ip interface brief

privilege exec level 0 show ip interface

privilege exec level 0 show interface

privilege exec level 0 show switch

No need for user to login to enable mode. All priv 0 commands are now there in the user mode. See below

User Access Verification

Username: test


Switch>show ?

diagnostic Show command for diagnostic

flash1: display information about flash1: file system

flash: display information about flash: file system

interfaces Interface status and configuration

ip IP information

switch show information about the stack ring

Switch>show switch

Switch/Stack Mac Address : 0015.f9c1.ca80

H/W Current

Switch# Role Mac Address Priority Version State


*1 Master 0015.f9c1.ca80 1 0 Ready

Switch>show run


% Invalid input detected at '^' marker.

Switch>show aaa server


% Invalid input detected at '^' marker.

Switch>show inter

Switch>show interfaces

Vlan1 is up, line protocol is up

Hardware is EtherSVI, address is 0015.f9c1.cac0 (bia 0015.f9c1.cac0)

Internet address is

MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 1/255


Please check this link,



Do rate helpful posts

helios999 Thu, 07/09/2009 - 18:11

Hi JG,

Thanks for your reply and it is very helpful. I just like to confirm that what you showed is using AAA authorization on local database, right?



helios999 Thu, 07/09/2009 - 21:24

Hi JG,

One more thing can you enlighten me about the command "privilege interface and privilege configure"? Or do you have a link that discusses this commands?




This Discussion