Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Meaning of PRIVILEGE parameter in command USERNAME unclear

Hello,

for a CISCO 2955 Switch I used the PRIVILEGE parameter in command USERNAME to achieve that a user directly enters respective privilege level after logon. But after logon the user is always in EXEC LEVEL 1 and not in the level stated in the command USERNAME. Also the user is not limited to the stated level: He can enter all other levels up to 15 if he has the respective pw.

1. So I do not understand the meaning of PRIVILEGE parameter in command USERNAME. Or, to ask the other way arround: How could one achieve that a user directly enters to his assigned privilege level after logon and, by doing this, get directly to the set of commands he is allowed to execute?

Thanks for any hint.

Regards CGH

Everyone's tags (2)
1 REPLY
New Member

Hi Carina,I'm not providing

Hi Carina,

I'm not providing you with right answer now, but exactly these days I have been looking for more insight on how to setup local AAA plus privilege variations, and got some useful knowledge..

I think that in your case the fundamental question is how you do access the switch (router).. I estimate you do via console, don't you? If yes, then this happens everywhere. You must define specific enable secrets for privilege levels (when other than 15), then set required user cmd set with "privilege" cmd of level not higher than your user one, and finally jumping into that level by "en X" to access it. It should work.. Actually, I wanted to test it quickly to refresh the topic, but our lab access is under maintenance at the moment.. Also to set some starting level other than 1, there should be some "privilege X" cmd attainable right under "con 0" interface.

 

Interesting topics discussed at :

https://learningnetwork.cisco.com/thread/32180

http://resources.intenseschool.com/ccna-security-solutions-to-facs-enable-secret-and-privilege-levels/

 

-------

EDIT after 1 hour :

My lab access got re-established, and this single command will do the job for you "aaa authorization console".

Each user in local database will jump directly to priv mode of assigned level. Same happens with VTY access (wo AAA). If AAA is used,  the jump is typically assured by known trio "newmodel, aaa authen login, aaa author exec"

 

Hopefully I helped here and possibly earned some reward point(s) after looong time! :-D

Regards

Peter

707
Views
0
Helpful
1
Replies
CreatePlease to create content