RE: Priviliedge Level on routers

From: Schulz, Dave (DSchulz@dpsciences.com)
Date: Sat Oct 08 2005 - 11:51:58 GMT-3


Using the aaa commands, you will need to add the aaa new-model. If you don't
use the aaa, you could use the commands for the vty that you currently have
listed. Since you have the privilege level 15 under the vty 0 4....this
should put you directly into privileged mode (#). I have done this and it goes
right to priv mode. Are you changing the privilege levels of user "mike" in
the username/password command line maybe?

Dave

-----Original Message-----
From: nobody@groupstudy.com
To: mikenoc@mindspring.com
Cc: ccielab@groupstudy.com
Sent: 10/8/2005 6:36 AM
Subject: Re: Priviliedge Level on routers

Mike
Did some testing and if you don't use a local username/password but
just have

line vty 0 4
login
priv 15

This works fine; however, with a local username it doesn't work like that.
So below is my solution using AAA without a TACACS/RADIUS
server:

aaa authentication login default local
aaa authorization exec default none
aaa session-id common
ip subnet-zero
!
line vty 0 4
 privilege level 15

It works fine for me. Your mileage might vary depending on what
else you need AAA to do for you.

Regards
Kevin

On 10/8/05, mikenoc@mindspring.com <mikenoc@mindspring.com> wrote:
> Hello,
>
> I am trying to practice setting the default privilege level for all
> users who log into a router. I think there may be a way to do this
> without specifying the privilege level per username. I tried using the
> below command under the vty lines and it does not seem to work. I set
> privilege level 15 in this example and when telnetting from another
> router it is in user exec mode not privileged. Is there a way to
> accomplish what I am trying to do without using TACACS?
>
> Thanks,
>
> Mike F.
>
>
> /line vty
> filtering...
> line vty 0 4
> exec-timeout 0 0
> privilege level 15 <------ Set the command
> login local
> line vty 5 15
> login
> !
> end
>
> SW1#
>
> R1#telnet 1.1.7.7
> Trying 1.1.7.7 ... Open
>
>
> User Access Verification
>
> Username: mike
> Password:
> SW1>conf t
> ^
> % Invalid input detected at '^' marker.
>
> SW1>exit
>
> [Connection to 1.1.7.7 closed by foreign host]
> R1#
>
>
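
A review-side check for the configurations discussed in this thread, as an added example that is not from any of the posters: it parses an IOS configuration and reports vty lines that carry privilege level 15, whether exec authorization is set to none as in Kevin's configuration, and whether the idle timeout is disabled. The function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample: the vty stanza quoted in the thread plus the AAA lines
# from the replies (including the aaa new-model that Dave mentions).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default local
aaa authorization exec default none
!
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 login local
line vty 5 15
 login
!
end
"""

def parse_vty(config):
    """Return {'0 4': [sub-commands], ...} for every 'line vty' stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = re.match(r"line vty (\d+(?: \d+)?)$", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the stanza
    return stanzas

def audit(config):
    """List (vty range, finding) pairs for a reviewer to look at."""
    findings = []
    authz_none = bool(re.search(r"^aaa authorization exec \S+ none\s*$", config, re.M))
    for rng, cmds in parse_vty(config).items():
        levels = [int(c.split()[-1]) for c in cmds if re.match(r"privilege level \d+$", c)]
        level = levels[-1] if levels else 1  # IOS default line privilege is 1
        if level == 15:
            findings.append((rng, "privilege level 15 on line"))
            if authz_none:  # the combination Kevin reports as landing in enable mode
                findings.append((rng, "aaa exec authorization is none"))
        if "exec-timeout 0 0" in cmds:
            findings.append((rng, "idle timeout disabled"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns three findings for `line vty 0 4` and none for `line vty 5 15`.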


