Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ASA - Directly to Privilege Mode


As we know in Routers, we create a local Username/password and configure the vty line with "privilege level 15" command and the user will go directly to priv mode.

how can we do this in ASA/FWSM??? I have done AAA and also Local U&P, the users gets authenticated and goes to user mode and again we have to type the enable mode password to proceed...

Is there any command in ASA, which does the same function as "pri lev 15" in Cisco IOS.



Re: ASA - Directly to Privilege Mode


Use following commands

"username xxxxxx password yyyyyyyy privilege 15"

Default privilege level is 2

HTH...rate if helpful..

New Member

Re: ASA - Directly to Privilege Mode

Dear Mr.Satish,

Thanks a lot for your reply... I tried doing this and it didnt work.. Moreover, we need to add local aaa group for the firewall to prompt username/password during telnet session... I have done those and it still goes to usermode only.

Also, if you authenticate the username/password from MS AD using ACS server, how can we give privilege 15 to that particular user.

Kindly comment..

thanx, Mr.Satish


Re: ASA - Directly to Privilege Mode

Do you have this?

aaa authentication telnet console LOCAL

New Member

Re: ASA - Directly to Privilege Mode

Dear Mr.Adam,

Great to see you replying my post...

Yes.. I have done this command and tried and it didnt work. then, i tried the other command too (enable console LOCAL) (Just to make sure)

aaa authentication telnet console LOCAL

aaa authentication enable console LOCAL

username test password test pri 15

Still, it stops me in Usermode.. Perhaps, should i try to remove that enable/telnet password and leaving only these commands???

Thanx, Mr.Adam

Cisco Employee

Re: ASA - Directly to Privilege Mode

Hello Hameed,

It is my understanding that what you are trying to do on the ASA is not possible. Atleast, that is my experience with ASA and 7.0 code. I tried this in the lab long time ago, when ASA and 7.0 was released.

I would be interested to take a look at your configuration/setup, in case you tweak something and get this working.



** Please rate all helpful posts **

CreatePlease to create content