Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1008
Views
5
Helpful
4
Replies

About AAA new-model

ccna-angus
Level 1
Level 1

‎09-29-2016 09:31 AM - last edited on ‎03-25-2019 05:35 PM by Community Manager

Hi everyone,

I want to know if this is Cisco default privilege behavior when logging as user with privilege 15 local account, the prompt always giving me > level until I have to type enable to get #:

How do I login user with privilege 15 in aaa to get switch# prompt directly?

Here is config:

username admin privilege 15 secret 5 $1$kzA3$KlDvZHlhTcB4D/La2gLPt.

aaa new-model

aaa authentication login default local

aaa authorization exec default local

line vty 0 4
transport input ssh
line vty 5 15
transport input ssh
!

Labels:
0 Helpful
4 Replies 4

Gagandeep Singh
Cisco Employee
Cisco Employee

‎09-29-2016 11:37 AM

Use "priv level 15" under  VTY lines...

Regards

Gagan

PS: rate if it helps!!!

0 Helpful

ccna-angus
Level 1
Level 1
In response to Gagandeep Singh

‎09-29-2016 06:05 PM

I know that command " pri 15" under vty will work. My point is why " aaa authorization exec default local" not apply to admin account when vty in?

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to ccna-angus

‎09-29-2016 07:25 PM

It depends, what is authorizing the login? Gagan noted the easiest way which bypasses the authorization.

0 Helpful

rasmus.elmholt
Level 7
Level 7

‎12-29-2016 05:45 AM

Try the "login local"/"login authentication default" command under the line vty/con

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#username admin privilege 15 secret admin
Switch(config)#aaa new-model
Switch(config)#aaa authentication login default local
Switch(config)#aaa authorization exec default local
Switch(config)#end
Switch#
*Dec 29 13:35:11.252: %SYS-5-CONFIG_I: Configured from console by vty0 (192.168.2.2)

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#line con 0
Switch(config-line)#login local
 ^
% Invalid input detected at '^' marker.

Switch(config-line)#login ?
 authentication Authentication parameters.

Switch(config-line)#login au
Switch(config-line)#login authentication ?
 WORD Use an authentication list with this name.
 default Use the default authentication list.

Switch(config-line)#login authentication default ?
 <cr>

Switch(config-line)#login authentication default
Switch(config-line)#end
Switch#exit

Press RETURN to get started.







User Access Verification

Username: admin
Password:

Switch#
Switch#

Customers Also Viewed These Support Documents