Meaning of PRIVILEGE parameter in command USERNAME unclear

Jan 10th, 2014

Hello,

For a Cisco 2955 switch I used the PRIVILEGE parameter in the command USERNAME to achieve that a user directly enters the respective privilege level after logon. But after logon the user is always in EXEC level 1 and not in the level stated in the command USERNAME. Also, the user is not limited to the stated level: he can enter all other levels up to 15 if he has the respective pw.

1. So I do not understand the meaning of the PRIVILEGE parameter in the command USERNAME. Or, to ask the other way around: how could one achieve that a user directly enters his assigned privilege level after logon and, by doing this, gets directly to the set of commands he is allowed to execute?

Thanks for any hint.

Regards CGH

pgasparovic Thu, 11/13/2014 - 08:15

Hi Carina,

I'm not providing you with the right answer now, but exactly these days I have been looking for more insight on how to set up local AAA plus privilege variations, and got some useful knowledge..

I think that in your case the fundamental question is how you access the switch (router).. I estimate you do so via console, don't you? If yes, then this happens everywhere. You must define specific enable secrets for privilege levels (when other than 15), then set the required user cmd set with the "privilege" cmd at a level not higher than your user's one, and finally jump into that level by "en X" to access it. It should work.. Actually, I wanted to test it quickly to refresh the topic, but our lab access is under maintenance at the moment.. Also, to set some starting level other than 1, there should be some "privilege X" cmd attainable right under the "con 0" line.

Interesting topics discussed at :

https://learningnetwork.cisco.com/thread/32180

http://resources.intenseschool.com/ccna-security-solutions-to-facs-enabl...


-------

EDIT after 1 hour :

My lab access got re-established, and this single command will do the job for you: "aaa authorization console".

Each user in the local database will jump directly to the priv mode of the assigned level. The same happens with VTY access (w/o AAA). If AAA is used, the jump is typically assured by the known trio "aaa new-model, aaa authentication login, aaa authorization exec".

Hopefully I helped here and possibly earned some reward point(s) after looong time! :-D

Regards

Peter
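A configuration that ties the pieces of this thread together (local users with a privilege level, the enable secret for that level, a command set assigned to the level, and the AAA lines that make the user land in that level at login, console included). This is an added example, not taken from either post; the usernames and secrets are placeholders.

```cisco
! Added example (not from the original thread); usernames and secrets are placeholders.
!
! Local users carrying the privilege level they should land in after login.
username admin privilege 15 secret Adm1nPlaceholder!
username netops privilege 7 secret Net0psPlaceholder!
!
! Enable secret for level 7, so "enable 7" also works from a lower level.
enable secret level 7 Lvl7Placeholder!
!
! Commands moved down from level 15 to level 7. Moving a mode-entering command
! ("configure terminal", "interface") also moves the commands needed to reach it.
! Note: "show running-config" at a lower level only shows the parts of the
! configuration that level is allowed to set.
privilege exec level 7 show running-config
privilege exec level 7 configure terminal
privilege configure level 7 interface
privilege interface level 7 shutdown
privilege interface level 7 description
!
! Without AAA, a console login does not honor the privilege level from the
! username entry and the session starts at level 1, as observed in the question.
! With AAA, the EXEC authorization step reads that level and starts there.
aaa new-model
aaa authentication login default local
aaa authorization exec default local
!
! AAA authorization is not applied to the console by default; this is the line
! from the answer that makes console sessions also start at the user's level.
aaa authorization console
!
! The "default" method lists apply to all lines automatically; they are written
! out here for clarity.
line con 0
 login authentication default
 authorization exec default
line vty 0 4
 login authentication default
 authorization exec default
 transport input ssh
```

After applying this, "show privilege" right after logging in as netops should report level 7, and commands still at level 15 (for example "show startup-config") remain unavailable until "enable 15" with the level-15 secret.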
