Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Help with privileges

Hello,

I'm trying to allow 2 users to access as 2955 switch.

admin privilege 15

eousers privilege 2

When they both log in they just get to the user exec mode, how can I get them to go to their respective modes?

version 12.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 2955-01-PJ-abc
!
logging buffered 64000 debugging
logging console informational
logging monitor informational
aaa new-model
enable secret 5 $1$6eSD$eB19Pocw9CoH6VPNejFp5/
!
username admin privilege 15 secret 5 $1$4piH$1DlwCNCjLPs21rt9/
username eousers privilege 2 secret 5 $1$fW/K$I2f7s5Y87aaiUrSD0
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 3:00
ip subnet-zero
!
no ip domain-lookup
ip domain-name BSO-DGI
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
no file verify auto
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
alarm profile defaultPort
!
alarm facility temperature primary relay major
alarm facility temperature primary syslog
alarm facility temperature primary notifies
!
!
interface FastEthernet0/1
description ***Connection to IBC IP address 10.10.41.4***
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/2
description ***Connection to Webcam IP address 10.10.41.3***
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/3
description ***Connection to PC IP address 10.10.41.2***
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/4
description ***Connection to XTP IP address 10.10.41.1***
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/5
description ***Connection to DMP
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/6
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/7
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/8
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/9
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/10
description ***Connection to 3750-01-PJ-abc.abc/1***
switchport trunk allowed vlan 1,10
switchport mode trunk
!
interface FastEthernet0/11
description ***Connection to 2955-02
switchport trunk allowed vlan 1,10
switchport mode trunk
!
interface FastEthernet0/12
description ***Connection to 2955
switchport trunk allowed vlan 1,10
switchport mode trunk
shutdown
!
interface FastEthernet0/13
description ***Connection to 3750-01-PJ-abc.abc/1***
switchport trunk allowed vlan 1,10
switchport mode trunk
!
interface FastEthernet0/14
description Trunk port to 2955 or 3750
switchport trunk allowed vlan 1,10
switchport mode trunk
shutdown
!
interface Vlan1
description ***Default VLAN not to be used***
no ip address
no ip route-cache
shutdown
!
interface Vlan10
description ***abc LAN***
ip address 10.10.150.25 255.255.255.0
no ip route-cache
!
ip default-gateway 10.10.150.1
no ip http server
logging trap notifications
logging facility local4
logging source-interface Vlan10
logging 172.23.1.3
access-list 23 permit 10.10.1.65
access-list 23 permit 10.10.1.64
access-list 23 permit 10.10.1.35
access-list 23 permit 10.10.1.63
access-list 23 permit 10.10.1.62
access-list 23 permit 10.10.1.61
access-list 23 permit 10.10.1.60
access-list 23 permit 172.23.1.3
access-list 23 permit 172.23.1.4
snmp-server community transm1t! RO
snmp-server trap-source Vlan10
snmp-server location abc
snmp-server contact MCR
snmp-server enable traps snmp authentication warmstart linkdown linkup coldstart
snmp-server enable traps config
snmp-server enable traps copy-config
snmp-server enable traps syslog
snmp-server enable traps entity
banner motd ^C

         ################################################
         # Unauthorised access or use of this equipment #
         #   is prohibited and constitutes an offence   #
         #     under the Computer Misuse Act 1990.      #
         #    If you are not authorised to use this     #
         #     system, terminate this session now.      #
         ################################################

^C
privilege interface level 2 shutdown
privilege interface level 2 no shutdown
privilege interface level 2 no
privilege configure level 2 interface
privilege configure level 2 shutdown
privilege exec level 2 configure terminal
privilege exec level 2 configure
privilege exec level 2 show ip interface brief
privilege exec level 2 show ip interface
privilege exec level 2 show ip
privilege exec level 2 show configuration
privilege exec level 2 exit
!
line con 0
exec-timeout 60 0
logging synchronous
line vty 0 4
access-class 23 in
exec-timeout 60 0
logging synchronous
transport input ssh
line vty 5 15
access-class 23 in
no exec
transport input ssh
!
ntp clock-period 17179980
ntp server 10.10.1.33
ntp server 10.10.1.34
!
end

Thanks

1 REPLY

Re: Help with privileges

hi andy,

use the enable command to switch between access levels on a device.

Router>enable 2

you should create the enable secret level 2 for the eousers account to be logged in.

use the show privilege command to display your current privilege level on the device.

on a personal note, i would suggest using role-based CLI instead for more flexibility rather than using privilege levels.

226
Views
0
Helpful
1
Replies
CreatePlease to create content