Meaning of PRIVILEGE parameter in command USERNAME unclear
For a CISCO 2955 switch I used the PRIVILEGE parameter in the USERNAME command so that a user directly enters the respective privilege level after logon. But after logon the user is always in EXEC LEVEL 1 and not in the level stated in the USERNAME command. Also, the user is not limited to the stated level: he can enter all other levels up to 15 if he has the respective pw.
1. So I do not understand the meaning of the PRIVILEGE parameter in the USERNAME command. Or, to ask the other way around: how could one achieve that a user directly enters his assigned privilege level after logon and, by doing this, gets directly to the set of commands he is allowed to execute?
I'm not providing you with the right answer now, but exactly these days I have been looking for more insight on how to set up local AAA plus privilege variations, and got some useful knowledge.
I think that in your case the fundamental question is how you access the switch (router). I estimate you do via console, don't you? If yes, then this happens everywhere. You must define specific enable secrets for privilege levels (when other than 15), then set the required user cmd set with the "privilege" cmd at a level not higher than your user's, and finally jump into that level with "en X" to access it. It should work. Actually, I wanted to test it quickly to refresh the topic, but our lab access is under maintenance at the moment. Also, to set some starting level other than 1, there should be some "privilege X" cmd attainable right under the "con 0" interface.
My lab access got re-established, and this single command will do the job for you: "aaa authorization console".
Each user in the local database will jump directly to priv mode of the assigned level. Same happens with VTY access (w/o AAA). If AAA is used, the jump is typically assured by the known trio "newmodel, aaa authen login, aaa author exec".
Hopefully I helped here and possibly earned some reward point(s) after looong time! :-D
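The setup described in the replies above, written out in full as an added example (not part of the original posts, and not tested on a 2955). The user name `ops`, level 7, the two `privilege exec` commands and the placeholder secrets are assumptions chosen for illustration.

```cisco
! Added example, constructed values: "ops", level 7 and <...> secrets are placeholders.
!
! Local user that should land at privilege level 7 right after login.
username ops privilege 7 secret <ops-password>
!
! Move the commands this user needs down to level 7.
! Anything left at a higher level stays unavailable to "ops".
privilege exec level 7 clear counters
privilege exec level 7 clear line
!
! The AAA trio from the reply, unabbreviated:
! enable AAA, authenticate logins against the local database,
! and let exec authorization apply the user's configured privilege level.
aaa new-model
aaa authentication login default local
aaa authorization exec default local
!
! Exec authorization is not applied to the console line unless this is set,
! which is why a console login can stay at level 1.
aaa authorization console
!
! The assigned level is a starting point, not a ceiling: as noted in the
! question, "enable <level>" still works for anyone who knows that level's
! secret. Configure enable secrets only for levels users may step up to.
enable secret <level-15-secret>
!
! Check after logging in as "ops" (console or VTY):
!   show privilege
!   Current privilege level is 7
```

Keep a second session open at level 15 while changing AAA settings, so a mistake in the method lists does not lock out the console.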