02-26-2024 07:50 AM
hi all,
so this is what it looks like when I ssh in the switch, as you can see I need to go into "enable mode"
login as: admin
Keyboard-interactive authentication prompts from server:
| Password:
End of keyboard-interactive prompts from server
4510MCR01>enable
Password:
4510MCR01#
but I have made it so my user auto goes into run mode 15, i.e. read/write, I'll show you in "sh run"
username admin privilege 15 secret 5
anything else I need to do for my user to go straight in enable mode?
thanks,
rob
02-27-2024 03:47 AM
solved it
aaa new-model
aaa authentication login default local
aaa authorization exec default local
now admin auto logs in as enable mode and when I set a new user, i.e.
username user secret password
when I log in as that user I don't get auto enable mode so it works!
02-26-2024 07:53 AM - edited 02-26-2024 07:57 AM
Yes you need
aaa authorization exec default local
If you use aaa new-model and only local user
MHM
02-26-2024 08:10 AM
didn't work
02-26-2024 08:13 AM
Can I see the aaa config and vty line?
MHM
02-26-2024 08:18 AM
aaa new-model
!
!
aaa authorization exec defualt local
!
!
!
!
!
!
aaa session-id common
line vty 0 4
session-timeout 10
transport input ssh
line vty 5 15
transport input ssh
I couldn't delete 0 4 as I imagine it's the system
02-26-2024 08:41 AM
This example shows you that using exec works for users.
BUT the note I see (I don't know if it is a bug or if it is hardcoded in SW/R of Cisco)
is that username admin cannot access after adding exec, so add a new username and specify priv for it and make exec direct the user to its privilege level.
thanks
MHM
02-26-2024 07:57 AM - edited 02-26-2024 08:00 AM
but I don't want every user to go into enable mode by default, only certain usernames
I have these in my "sh run", what are these and are these the reason?
aaa new-model
aaa session-id common
02-26-2024 08:02 AM - edited 02-26-2024 08:03 AM
The other users that use privilege less than 15, after you add the above command, will need to add an enable password to access conf+t.
For users that have privilege 15, no need for that.
This again is if you use only users in the local db.
MHM
02-26-2024 08:01 AM
under line vty configure this and try
line vty 0 4
privilege level 15
02-26-2024 08:31 AM
but won't this mean anyone will go into default enable mode?
02-26-2024 08:34 AM
If they have Priv15 credential they will get into priv mode not enable mode.
02-26-2024 08:39 AM
but my user is already privilege 15, my problem is when I login ssh it's not going straight to enable
02-26-2024 08:12 AM
What device model and IOS code is running on it?
Hope you are working on Local users (not any TACACS ?) - below example one user with enable password - other with directly to enable mode.
enable password mypassword
enable secret mysecret
username user1 pass userpass
username balaji privilege 15 pass bandipassword
!
line vty 0 4
login local
privilege level 15
02-26-2024 08:35 AM
but if I do for line vty 0 4, won't it mean all users will get enabled by default?
02-26-2024 08:40 AM
that is the reason you have 2 usernames as example
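An added example, not posted by anyone in this thread: a small Python audit that reads a running-config and reports which settings put sessions at privilege level 15, including an exec authorization list whose name is not "default" and is applied to no line. The function name `audit` and the three sample configs are constructed for illustration, and the parser assumes the indentation that "show running-config" prints.

```python
import re

# Constructed sample configs modelled on the snippets in this thread
# (indented as "show running-config" prints them; <hash> is a placeholder).
TYPO = """\
aaa new-model
aaa authorization exec defualt local
username admin privilege 15 secret 5 <hash>
username user secret 5 <hash>
line vty 0 4
 session-timeout 10
 transport input ssh
"""
FIXED = TYPO.replace("defualt", "default")
VTY15 = FIXED.replace(" session-timeout 10", " privilege level 15")

def audit(config):
    """Return findings about how sessions can reach privilege level 15."""
    findings, line_ctx = [], None
    defined, applied = set(), set()
    new_model = False
    for raw in config.splitlines():
        text = raw.strip()
        if raw[:1] != " ":  # unindented text starts a new top-level section
            line_ctx = text if text.startswith("line ") else None
        if text == "aaa new-model":
            new_model = True
        elif m := re.match(r"aaa authorization exec (\S+)", text):
            defined.add(m.group(1))  # "default" or a named method list
        elif line_ctx and (m := re.match(r"authorization exec (\S+)", text)):
            applied.add(m.group(1))  # named list bound to this line
        elif line_ctx and re.fullmatch(r"privilege level 15", text):
            findings.append(f"{line_ctx}: line default privilege is 15")
        elif m := re.match(r"username (\S+) privilege 15\b", text):
            findings.append(f"user {m.group(1)}: privilege 15")
    # IOS accepts any word as a method-list name, so a misspelt "default"
    # becomes a named list that does nothing until a line references it.
    for name in sorted(defined - applied - {"default"}):
        findings.append(f"exec list '{name}' is defined but applied to no line")
    if new_model and "default" not in defined and not (defined & applied):
        findings.append("no exec authorization list in effect")
    return findings

if __name__ == "__main__":
    for label, cfg in (("typo", TYPO), ("fixed", FIXED), ("vty15", VTY15)):
        print(label, audit(cfg))
```
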