
New Member

USERNAME WITH PRIVILEGE 15

Hello Dears,

I have created a user with the command "username cisco privilege 15 password cisco". When he telnets to the switch he is asked for the enable secret password. Why?

Thanks

23 REPLIES

Re: USERNAME WITH PRIVILEGE 15

Hello Estela,

Can you please post a capture of the login dialog?

It would help to see where exactly this situation occurs.

Please also provide the config lines involved and the platform on which you are having this issue.

(pix/asa, router or switch) eventually including version info.

regards,

Leo

New Member

Re: USERNAME WITH PRIVILEGE 15

Hello,

Please find the attached configs.

login as: cwlms
cwlms@192.168.4.250's password:

SWITCH>en
Password:

Thanks

Re: USERNAME WITH PRIVILEGE 15

The attachment is in queued state and cannot be opened.

Still I think you may be missing some aaa config lines.

Can you fix or retry the attachment?

regards

Leo

Cisco Employee

Re: USERNAME WITH PRIVILEGE 15

Hello,

By default the VTY lines have a privilege level of "0". Please try the following:

line vty 0 4

privilege level 15

exit

Now, if you login, you should be able to get directly into the enable mode.

Hope this helps.

Regards,

NT

New Member

Re: USERNAME WITH PRIVILEGE 15

Hello,

This will allow everybody in at privilege 15? I don't want everybody to have access at level 15; I have certain users on different privilege levels.

Thanks

Re: USERNAME WITH PRIVILEGE 15

Do you have any "aaa" configuration on the switch, or are you just using login local under the line vty?

Can you try to paste the line configuration here? It seems that there is a problem with the attached config.

Dan

Cisco Employee

Re: USERNAME WITH PRIVILEGE 15

Hello,

The user privilege takes precedence over the line privilege. So, if the user has a lower privilege level, that should override the line privilege.

Hope this helps.

Regards,

NT

Re: USERNAME WITH PRIVILEGE 15

Yes, but if it has aaa authorization, it is normal to check the enable even if there is any default privilege.

Dan

New Member

Re: USERNAME WITH PRIVILEGE 15

Hello,

No, the user level doesn't take precedence. I tried just now; it put a level 2 user in level 15 also.

There is no AAA, it is local authentication.

line con 0
line vty 0 4
 access-class YOU_ME in
 exec-timeout 5 0
 password 7 08364D5D1D1C1216060E1E25
 login local
 transport input ssh
line vty 5 15
 exec-timeout 5 0
 no login
 transport input ssh

Re: USERNAME WITH PRIVILEGE 15

Local authentication is one thing but assigning a privilege level falls under authorization.

Please check this link on aaa, I hope this will enable you to configure a solution.

http://www.cisco.com/en/US/docs/security/asdm/6_2/user/guide/aaasetup.html#wp1284305

It should be something like:

aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local

but then without the radius stuff.

regards,

Leo

Re: USERNAME WITH PRIVILEGE 15

Hi Leo,

Here it is:

Router#sh run | i aaa
no aaa new-model
Router#
Router#
Router#sh run | b line
line con 0
 login local
line aux 0
line vty 0 4
!
!
end

Router#sh run | i user
username c privilege 15 secret 5 $1$k/W8$yvjhRXM7TQDaRhQGLanSR1
Router#

Router#exi

Router con0 is now available

Press RETURN to get started.

User Access Verification

Username: c
Password:
Router#sh priv
Current privilege level is 15
Router#

Dan

New Member

Re: USERNAME WITH PRIVILEGE 15

Hello Leo,

It can be done without AAA also.

I have 1 switch in my network which I am accessing directly in privilege (#) mode.

Thanks

Re: USERNAME WITH PRIVILEGE 15

It can be done without an AAA-server but you need something similar to the few lines proposed to make it work with local authentication/authorization. This is because you normally login to level1 and then need the additional enable pw to go to level 15. You want to modify the default behavior and this requires additional config.

regards,

Leo

Purple

Re: USERNAME WITH PRIVILEGE 15

Hi Leo,

It can be done without an AAA-server but you need something similar to the few lines proposed to make it work with local authentication/authorization

I already did it like the OP without any problem, but on some platforms/IOS it didn't work, so it can be done without AAA.

Regards.

Alain.

Don't forget to rate helpful posts.
New Member

Re: USERNAME WITH PRIVILEGE 15

Hello Experts

What can be the issue? I am maybe hitting IOS issues; if I upgrade, will it help me?

Thanks.

Re: USERNAME WITH PRIVILEGE 15

Hi Mathew,

I would try an IOS upgrade.

What IOS/hardware are you using?

Dan

Re: USERNAME WITH PRIVILEGE 15

Did you try it like this:

sw-test(config)#
sw-test(config)#user emgi privilege 15 password cisco
sw-test(config)#
sw-test(config)#lin vty 0 4
sw-test(config-line)#login ?
  local   Local password checking
  tacacs  Use tacacs server for password checking
 

sw-test(config-line)#login local
sw-test(config-line)#^Z


User Access Verification

Username: emgi
Password:
sw-test#sh priv
Current privilege level is 15
sw-test#

System image file is "flash:c2950-i6q4l2-mz.121-22.EA2.bin" (Ancient!)

New Member

Re: USERNAME WITH PRIVILEGE 15

Hello,

I have a switch, model Cisco Catalyst 3550 48 SMI. I have uploaded 12.2.44.SE(6) ED, the latest to date. The switch model number is 3550 48 SMI and I have uploaded the IOS 12.2.44.SE(6) EMI. The software uploaded successfully with no errors, but I still have the same issue. Is the switch supported with the above software? How will I come to know?

The Feature Navigator shows me the image as in the attachment, but the image is too old. Can anybody confirm that the image I have installed is perfect?

Thanks


New Member

Re: USERNAME WITH PRIVILEGE 15

Hi Estela,

OK... I don't have this particular device, but why not try the least painful way? If it doesn't break your security policy, why not enable aaa like this:

aaa new-model

aaa authentication login VTYLOGIN local

aaa authorization exec VTYLOGIN local

line vty 0 4

login authentication VTYLOGIN

authorization VTYLOGIN

It will solve your problem. OK, it doesn't solve the original issue... but it will work and you will not see any difference.

Tomas

Bronze

Re: USERNAME WITH PRIVILEGE 15

Hi,

I think you should add "login local" in vty line config mode.

"login local" will point to the username you created.

Also, when you create the username with level 15 you have to use "secret" instead of password, because you know that when you have configured "enable password" and "enable secret", the enable secret will be used.

Because you have enable secret configured on the switch/router, it will always ask for the "enable secret".

Eugen

New Member

Re: USERNAME WITH PRIVILEGE 15

I have login local enabled also. After upgrading to the latest IOS the issue is the same: I am asked for the enable secret for the privilege 15 user.

Thanks

Bronze

Re: USERNAME WITH PRIVILEGE 15

Hi estela,

Try these commands if you still have the problem:

S(config)#username TELNET privilege 15 secret cisco

S(config)#line vty 0 15

S(config-line)#login local

S(config-line)#privilege level 15

S(config-line)#end

Hope this will help

Eugen

New Member

Although this is a very old thread I will post my answer for the benefit of anyone looking through this.

This post by ebarticel explains the cause of the issue you are having. In your config you have,

enable secret 5 $1$P92y$/qnN50lCrnBAJJgIW1blc0
enable password 7 095B4F1A0D0000131F09160B

username hoswitch password 7 xxxx
username cwlms privilege 15 password 7 xxx
username admin privilege 15 password 7 xxx

So the device will prompt for enable secret.

As suggested, use the following syntax:

username username privilege 15 secret password

E.g.:

username admin privilege 15 secret cisco
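
Added example, not part of any post in this thread and not Cisco code: a small Python audit that reads IOS-style configuration text and flags the weak settings visible in the configs quoted above (credentials stored with "password" rather than "secret", a vty range with "no login", and a vty default of privilege level 15). The sample config is constructed from the thread's fragments with placeholders for every password string, and the rule names are hypothetical labels.

```python
import re

# Constructed sample based on the thread's configs; secrets are placeholders.
SAMPLE_CONFIG = """\
enable secret 5 <hash-placeholder>
enable password 7 <type7-placeholder>
username hoswitch password 7 <type7-placeholder>
username cwlms privilege 15 password 7 <type7-placeholder>
username admin privilege 15 secret 5 <hash-placeholder>
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 no login
 transport input ssh
"""

USER_PW = re.compile(r"username\s+(\S+)\s+(?:privilege\s+\d+\s+)?password\b")

def audit(config):
    """Return (rule, context) findings; rule names are hypothetical labels."""
    findings, line_ctx = [], None
    has_secret = has_enable_pw = False
    for raw in config.splitlines():
        text = raw.strip()
        m = re.match(r"line\s+(.+)", text)
        if m:                                  # entering a "line ..." block
            line_ctx = m.group(1)
        elif text in ("!", "end"):             # separators close the block
            line_ctx = None
        elif text.startswith("enable secret "):
            has_secret = True
        elif text.startswith("enable password "):
            has_enable_pw = True               # cleartext or reversible type 7
        elif USER_PW.match(text):              # "password" instead of "secret"
            findings.append(("weak-user-password", USER_PW.match(text).group(1)))
        elif line_ctx and line_ctx.startswith("vty"):
            if text == "no login":             # sessions accepted with no auth
                findings.append(("vty-no-login", line_ctx))
            elif re.fullmatch(r"privilege level 15", text):
                findings.append(("vty-default-priv-15", line_ctx))
    if has_enable_pw:
        detail = "enable secret also set" if has_secret else "no enable secret"
        findings.append(("enable-password-present", detail))
    return findings

if __name__ == "__main__":
    for rule, ctx in audit(SAMPLE_CONFIG):
        print(f"{rule}: {ctx}")
```

The parser tracks "line ..." blocks by keyword rather than indentation, so it also works on pasted configs whose leading spaces were lost.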
