Cisco Systems Question about locally define user privilege levels on IOS devices?

Posted by John Heitmuller on August 7, 2008, 9:00 am


On a Cisco IOS 12.4 lab router I have defined two users.

R1(config)#username admin privilege 15 secret cisco
R1(config)#username john secret cisco

When I login as admin and run the sh priv command a 15 is returned, no
surprise. If I login as John and run the sh priv command a 15 is also
returned, I was surprised.

Am I interpreting this correctly? If you do not assign a privilege
level to a username then that user operates at the default privilege
level. If you are in enable mode that level is 15. So, by not
defining a privilege level you are in effect granting level 15 access.

Thanks,
John

Posted by Doug McIntyre on August 7, 2008, 4:00 pm


>On a Cisco IOS 12.4 lab router I have defined two users.

>R1(config)#username admin privilege 15 secret cisco
>R1(config)#username john secret cisco

>When I login as admin and run the sh priv command a 15 is returned, no
>surprise. If I login as John and run the sh priv command a 15 is also
>returned, I was surprised.

>Am I interpreting this correctly? If you do not assign a privilege
>level to a username then that user operates at the default privilege
>level. If you are in enable mode that level is 15. So, by not
>defining a privilege level you are in effect granting level 15 access.


These aren't the config lines doing that for you then.

Look in your line vty section for the command that is setting your
default privilege level for all incoming connections.

If your default priv level is the IOS default of 1, then your username
login privileged level will override that. But if the line already sets
priv level 15 when the user comes in, they'll get the over-ridden default.
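
Added example, not part of either post: a small Python audit that applies the rule described in the reply above to a saved configuration and lists users who reach level 15 only because a line grants it. The sample config, the `helpdesk` user and all function names are constructed for illustration, and the model assumes local login with no AAA authorization changing the result.

```python
import re

# Constructed sample config (not from the thread): the two usernames from the
# question, one extra user, and a hypothetical vty section with level 15.
SAMPLE_CONFIG = """\
username admin privilege 15 secret cisco
username john secret cisco
username helpdesk privilege 5 secret cisco
!
line con 0
 login local
line vty 0 4
 privilege level 15
 login local
"""

IOS_DEFAULT_LEVEL = 1  # level a line gives when it has no "privilege level"


def parse_config(text):
    """Return ({user: explicit level or None}, {line name: line level})."""
    users, lines, current = {}, {}, None
    for raw in text.splitlines():
        if not raw.startswith(" "):
            current = None  # any top-level command leaves line sub-mode
        if m := re.match(r"username (\S+)(?: privilege (\d+))?", raw):
            users[m.group(1)] = int(m.group(2)) if m.group(2) else None
        elif raw.startswith("line "):
            current = raw[len("line "):].strip()
            lines[current] = IOS_DEFAULT_LEVEL
        elif current and (m := re.match(r" +privilege level (\d+)", raw)):
            lines[current] = int(m.group(1))
    return users, lines


def effective_levels(text):
    """Map (user, line) -> level at login, using the rule from the reply:
    an explicit username level wins, otherwise the line's level applies."""
    users, lines = parse_config(text)
    return {(u, ln): lvl if lvl is not None else line_lvl
            for u, lvl in users.items() for ln, line_lvl in lines.items()}


def inherited_admins(text, threshold=15):
    """(user, line) pairs where a user with no explicit level gets >= threshold."""
    users, _ = parse_config(text)
    return sorted(pair for pair, lvl in effective_levels(text).items()
                  if users[pair[0]] is None and lvl >= threshold)
```

On the sample, `inherited_admins(SAMPLE_CONFIG)` flags only `john` on `vty 0 4`; giving that user an explicit level or removing the line's `privilege level 15` clears the finding.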


