Question about locally defined user privilege levels on IOS devices?

On a Cisco IOS 12.4 lab router I have defined two users.

R1(config)#username admin privilege 15 secret cisco
R1(config)#username john secret cisco

When I log in as admin and run the sh priv command a 15 is returned, no surprise. If I log in as John and run the sh priv command a 15 is also returned; I was surprised.

Am I interpreting this correctly? If you do not assign a privilege level to a username then that user operates at the default privilege level. If you are in enable mode that level is 15. So, by not defining a privilege level you are in effect granting level 15 access.

Thanks, John

Reply to
John Heitmuller

These aren't the config lines doing that for you then.

Look in your line vty section for the command that is setting your default privilege level for all incoming connections.

If your default priv level is the IOS default of 1, then your username login privileged level will override that. But if the line already sets priv level 15 when the user comes in, they'll get the overridden default.

Reply to
Doug McIntyre
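
An added example, not part of the thread: a small audit that reads a saved IOS configuration and reports local users who have no explicit privilege level and would therefore inherit level 15 from a line's `privilege level` setting, as the reply above describes. The sample configuration is constructed, and the script assumes plain local login (no AAA exec authorization changing the result).

```python
import re

# Constructed sample config (not the thread's router); the vty block is assumed.
SAMPLE_CONFIG = """\
username admin privilege 15 secret 5 $1$constructed$hash
username john secret 5 $1$constructed$hash
!
line con 0
 login local
line vty 0 4
 privilege level 15
 login local
line vty 5 15
 login local
"""

IOS_DEFAULT_LINE_PRIV = 1  # level a line uses when it has no "privilege level"

def parse_users(config):
    """Return {username: explicit privilege level, or None if not set}."""
    users = {}
    for m in re.finditer(r"^username (\S+)(.*)$", config, re.M):
        # Only look at options before the secret/password, not inside it.
        opts = re.split(r"\s(?:secret|password)\s", m.group(2))[0]
        priv = re.search(r"\bprivilege (\d+)\b", opts)
        users[m.group(1)] = int(priv.group(1)) if priv else None
    return users

def parse_lines(config):
    """Return {line section header: privilege level applied on that line}."""
    lines, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            lines[current] = IOS_DEFAULT_LINE_PRIV
        elif current and raw.startswith(" "):
            m = re.match(r"\s+privilege level (\d+)", raw)
            if m:
                lines[current] = int(m.group(1))
        else:
            current = None  # left the line section
    return lines

def inherited_admin(config):
    """(line, user) pairs where a user with no explicit level lands at 15."""
    no_level = [u for u, p in parse_users(config).items() if p is None]
    return [(ln, u) for ln, lvl in parse_lines(config).items()
            if lvl == 15 for u in no_level]

print(inherited_admin(SAMPLE_CONFIG))  # [('line vty 0 4', 'john')]
```
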
