
Why Am I placed in Privilege Level 1?
Hello community,
I'm a bit confused with this behavior as I thought creating a username with privilege level 15 would automatically place the user in that privilege level when he/she logs in but instead the user gets to be put in privilege level 1. Can anyone help me understand why this happens with AAA authentication but it does not with local authentication?
R1 with AAA authentication enabled (there is not an AAA server, so it falls back to local)
R1(config)#do sh run | i username admin-15|aaa authentication login VTYs|aaa new-model
aaa new-model
aaa authentication login VTYs group tacacs+ local
username admin-15 privilege 15 secret 5 $1$EhZo$JK3C7Vc55q4h8HW31gXLs.
R1(config)#do sh run | b line vty
line vty 0 4
login authentication VTYs
transport input all
R3(config)#!Telnet to R1:
R3(config)#do telnet 155.1.13.1
Trying 155.1.13.1 ... Open
================================================
=== DBZ Battlefield ===
=== Unathorized Warriors will Perish ===
================================================
Enter your Warrior ID >>>admin-15
Enter your Warrior Secret >>>
R1>sh priv
Current privilege level is 1
R2 with Local Authentication (aaa new-model command has not been entered)
R2(config)#do sh run | i username admin-15|aaa
username admin-15 privilege 15 secret 5 $1$KRW/$US.lGlh0DTKbdSLtTjNMl.
R2(config)#do sh run | b line vty
line vty 0 4
login local
transport input all
R3(config)#!Telnet to R2:
R3(config)#do telnet 155.1.23.2
Trying 155.1.23.2 ... Open
User Access Verification
Username: admin-15
Password:
R2#sh priv
Current privilege level is 15
Comments
Hello,
As the privilege level is part of the authorization process (which is not enabled by default), you need to configure it explicitly.
aaa authorization exec VTY local
line vty 0 4
authorization exec VTY
This should help.
Regards,
Michael
got it, thanks
You need AAA Authorization defined to the local database for the privilege level configured on the username to take effect when logging in.
[Edit]
Was a bit too late..
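The condition described in the replies above can be checked offline against a saved running-config. The following is an added example, not part of the original thread or any Cisco tool: the function name and the sample configurations are constructed for illustration, and it assumes standard IOS indentation (sub-commands of a line block start with a space).

```python
import re

# Constructed sample: R1's configuration from the question (secret replaced by a placeholder).
R1_CONFIG = """\
aaa new-model
aaa authentication login VTYs group tacacs+ local
username admin-15 privilege 15 secret 5 <hash>
line vty 0 4
 login authentication VTYs
 transport input all
"""
# Same configuration with the two commands from the reply added.
R1_FIXED = R1_CONFIG.replace(
    "username", "aaa authorization exec VTY local\nusername", 1
) + " authorization exec VTY\n"

def audit_exec_authorization(config: str) -> list:
    """Flag VTY lines where a local user's configured privilege is ignored at login."""
    lines = config.splitlines()
    if not any(l.strip() == "aaa new-model" for l in lines):
        return []  # without aaa new-model, "login local" applies the username privilege
    # Names of exec authorization method lists defined globally ("default", "VTY", ...).
    lists = {m.group(1) for l in lines
             if (m := re.match(r"aaa authorization exec (\S+) ", l))}
    # Local users configured with a privilege level above 1.
    priv_users = [m.group(1) for l in lines
                  if (m := re.match(r"username (\S+) privilege ([2-9]|1[0-5]) ", l))]
    findings, current, applied = [], None, None
    for l in lines + ["!"]:  # trailing "!" closes the last line block
        if not l.startswith(" "):  # a top-level command ends the previous block
            if current and current.startswith("line vty"):
                used = applied or "default"  # no named list on the line: "default" applies
                if used not in lists and priv_users:
                    findings.append(
                        f"{current}: exec authorization list '{used}' is not defined; "
                        f"privilege of {', '.join(priv_users)} is ignored at login")
            current, applied = (l if l.startswith("line ") else None), None
        elif current and (m := re.match(r"\s+authorization exec (\S+)", l)):
            applied = m.group(1)
    return findings

if __name__ == "__main__":
    for name, cfg in (("R1 as posted", R1_CONFIG), ("R1 with fix", R1_FIXED)):
        print(name, "->", audit_exec_authorization(cfg) or "ok")
```

The check only verifies that an exec authorization list is defined and applied; it does not evaluate the methods inside the list.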