Login to privilege mode IOS 15.0(1)SE

jbeauchamp1
Level 1

I have my first 3560x running IOS 15.0(1)SE and noticed that I can no longer log in to privilege mode even though my user account is set up with privilege 15. I have the exact same setup on 12.2(53)SE2 and have no issue, so has something changed?

jbeauchamp1
Level 1

Oh, and to clarify, I don't mean once logged in running enable or disable to move around... I mean connecting from an ssh client and starting from privilege exec mode so I don't need to enter the enable password.

Dear Justin,

To have privilege level 15 permissions granted instantly after ssh login you need to add the following line to your line cfg:

    conf t
    line vty 0 4
     privilege level 15
    end
    wr
    copy run start

In general it is a good course of action _NOT_ to enable SSH access on standard port 22 on your Cisco box, as it is a permanent invitation for those wrongdoers who seem to have more spare time than maybe you and I have.....

So how to enable SSH access on a different port from the regular standard port 22?

Let's say you wish to have your box ssh'd using port 3210.

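    conf t
     access-list 123 remark deny ssh access on std port 22 on line vty 0 4
     ! port 22 is the destination port of an inbound session, so "eq 22" follows the destination
     access-list 123 deny   tcp any any eq 22
     ! every ACL ends in an implicit deny, so the new port needs an explicit permit
     access-list 123 permit tcp any any eq 3210
     ip ssh port 3210 rotary 1
     line vty 0 4
      rotary 1
      access-class 123 in
    end
    wr
    copy run start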

We first define an extended access list in which we prevent any ssh access on standard port 22; at this time the access-list has no impact on the system at all.

We then turn to the non-standard ssh port 3210; the rotary cmd basically lets you define a kind of port cycling. Declaring only the first one binds it to the given port, but that's not all yet.

Finally we assign our "port-cycle", limited to just 1 port, under line vty 0 4 and then bring access-list 123 into play, which only affects ssh access on the given line.

I hope you find the above helpful.

All the best,

David.

Although your solution works as a workaround... it poses a higher security risk. If you add privilege level 15 to your line vty 0 4 config, then even users with privilege level 1 are logged into privileged exec mode. I don't want this, naturally... I only want users with privilege level 15 defined to be logged into privileged exec mode... I think there is a bug in this code.

If anyone else is interested, apparently this is a bug and will be fixed in the next release of code.
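A small configuration audit for the risk raised earlier in the thread, where `privilege level 15` on a vty range applies to every login on those lines regardless of the per-user level. This is an added example, not code from the thread; the sample configuration, user names and function names are constructed for illustration.

```python
import re

# Constructed sample config (not from the poster's switch); hashes are placeholders.
SAMPLE_CONFIG = """\
username admin privilege 15 secret 5 <placeholder-hash>
username helpdesk privilege 1 secret 5 <placeholder-hash>
line con 0
line vty 0 4
 privilege level 15
 login local
 transport input ssh
line vty 5 15
 login local
"""

def parse_line_blocks(config):
    """Return {line header: [sub-commands]} for every 'line ...' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other unindented line closes the block
    return blocks

def audit_vty_privilege(config):
    """Flag vty blocks whose line-level privilege exceeds some users' own level."""
    # A username without an explicit privilege keyword defaults to level 1.
    users = {m.group(1): int(m.group(2) or 1) for m in
             re.finditer(r"^username (\S+)(?: privilege (\d+))?", config, re.M)}
    findings = []
    for header, cmds in parse_line_blocks(config).items():
        if not header.startswith("line vty"):
            continue
        for cmd in cmds:
            m = re.fullmatch(r"privilege level (\d+)", cmd)
            if m and int(m.group(1)) > 1:
                level = int(m.group(1))
                raised = sorted(u for u, p in users.items() if p < level)
                findings.append((header, level, raised))
    return findings

if __name__ == "__main__":
    for header, level, raised in audit_vty_privilege(SAMPLE_CONFIG):
        print(f"{header}: every login starts at level {level}; raised users: {raised}")
```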
