[c-nsp] local privilege level question

Ziv Leyes zivl at gilat.net
Wed Jan 12 03:18:52 EST 2011


Or, if you're not using nor plan to use any kind of aaa with an external device, you can do

no aaa-new model
username johndoe privilege 15 password blabla
!
line vty 0 4
 no password
 login local
!


This works for me for a totally local based authentication

HTH
Ziv


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Daniele Orlandi
Sent: Wednesday, January 12, 2011 12:42 AM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] local privilege level question

On Tuesday 11 January 2011 21:58:10 Greg Whynott wrote:
> hello,
> 
> on an ASR1004 we have local accounts where the privilege level is set to
> 15.   when I type 'en' it still asks for the enable password.   is there
> away to prevent this behavior so that persons with local accounts/15 
> priv can execute level 15 commands without being prompted?
> 
> we are not using any external sources for authentication,  its all local.

Hi Greg,

Try enabling "aaa authorization exec default local none" because the privilege is assigned in authorization phase.

Ciao,

--
  Daniele "Vihai" Orlandi
  Bieco Illuminista #184213
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

 
 
************************************************************************************
This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************




The information contained in this e-mail message and its attachments is confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender, and then delete the message from your computer.  Thank you!

******** This mail was sent via Mail-SeCure System.********



 
 
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************






More information about the cisco-nsp mailing list