• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 626
  • Last Modified:

Problem with Privilege levels on a Cisco 1811 running 12.4(6)T

In my config of an 1811 running version 12.4(6)T, , I have a user set up as follows:

username himom privilege 3 secret 5 <secret>

Then, in the line section, I have the following:

line vty 0 4
 privilege level 15
 login local
 transport input ssh

Yet, when user himom connects via SSH, he gets level 3 instead of 15.  The same occurs if the username definition has no privilege statement.
I can also confirm that the user is connecting to vty 0:

gw-inet.mia-cbp#show users
    Line       User       Host(s)              Idle       Location
   6 vty 0     himom      idle                 00:00:06 <ip address>

(note: I edited out my root account info and the ip addresses, but they shouldn't matter)

Can anyone tell me why user himom isn't getting level 15 upon login?

  • 2
1 Solution
Don JohnstonInstructorCommented:
When you authenticate using the local database, the priviledge level received is what the user account specifies.
guykingAuthor Commented:

I'm sorry, but I don't understand your comment.  You said "When you authenticate using the local database, the priviledge level received is what the user account specifies."

What does the "local database" have to do with the fact that the "line" privilege setting is ignored?  When else is it ignored?
Better yet, when isn't it ignored?

I am sorry that I am so clueless, but I suspect that there is some much bigger picture issue that I am missing here.

Don JohnstonInstructorCommented:
The "login local" command instructs the IOS to authenticate using the accounts defined by "username..." The "priviledge level 15" is not a factor. What matters is what priviledge level is specified in the username statement.

If you want the "priviledge level 15" command on your line vty's to take effect you need to remove the "login local" command.
Hi Guyking,

Can you tell me if you ever found the solution to the index files (low disk space) problem you had last winter?  I have the same thing going on . . .

Just email me at thomason@mchsi.com so that I don't cause trouble on * this * topic.



Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now