Cisco vty access control for user privilege level 15

Here is a quick tip on how to control vty access on Cisco switches and routers for users with privilege level 15.

While I was testing a PowerShell script to save all Cisco devices' configurations automatically, I ran into some issues with interactive command prompts. Unfortunately, my script required the "-batch" option, which disables all interactive prompts. In the end I decided to look for a solution on the Cisco side.

In this case, the problem was entering "enable mode", which requires the enable password to be typed in. If I can log in to a Cisco device with privilege 15 directly, the rest of my script will do its job.

We could configure "privilege level 15" in the line vty section, but that gives everybody who logs in to the box privilege 15. That is not good.

ex)

line vty 0 15
 transport input ssh
 privilege level 15


But here is the tip that addresses the issue: "aaa authorization exec".


ex) with local user database

:
aaa new-model
aaa authorization exec default local
:
username admin privilege 15 password 7 xxxxxxx
username super_admin privilege 15 password 7 xxxxxxx
username normal_user privilege 1 password 7 xxxxxxx
:
line vty 0 15
 login local <— as default

When 'admin' and 'super_admin' log in to the Cisco device, they get the # prompt directly, but normal_user does not.
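To check a saved running-config for the two patterns described above, here is a small audit script (an added example, not from the original post). It flags the blanket "privilege level 15" under "line vty", and reports the per-user approach when "aaa new-model", "aaa authorization exec default local" and "username ... privilege 15" are all present; the two sample configs are constructed from the snippets above.

```python
# Added example (not the post's code): audit how an IOS config grants
# privilege 15 on vty lines. Sample configs are constructed from the post.
import re

WEAK_CONFIG = """\
line vty 0 15
 transport input ssh
 privilege level 15
"""
FIXED_CONFIG = """\
aaa new-model
aaa authorization exec default local
username admin privilege 15 password 7 xxxxxxx
username super_admin privilege 15 password 7 xxxxxxx
username normal_user privilege 1 password 7 xxxxxxx
line vty 0 15
 transport input ssh
"""

def parse_sections(config):
    """Split IOS config into (header, [sub-commands]); IOS indents
    sub-commands with one space, '!' and ':' lines are separators."""
    sections = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line in ("!", ":"):
            continue
        if raw.startswith(" ") and sections:
            sections[-1][1].append(line)
        else:
            sections.append((line, []))
    return sections

def audit_vty_privilege(config):
    """Return how vty users reach enable mode (#) under this config."""
    sections = parse_sections(config)
    top = [h for h, _ in sections]
    blanket = any(h.startswith("line vty") and "privilege level 15" in subs
                  for h, subs in sections)
    exec_authz = "aaa new-model" in top and "aaa authorization exec default local" in top
    priv15_users = [m.group(1) for h in top
                    if (m := re.match(r"username (\S+) privilege 15\b", h))]
    if blanket:
        verdict = "blanket"   # every vty login lands in # (post: 'not good')
    elif exec_authz and priv15_users:
        verdict = "per-user"  # only listed accounts land in # directly
    else:
        verdict = "none"      # users land in > and must run 'enable'
    return {"verdict": verdict, "aaa_exec_local": exec_authz,
            "priv15_users": priv15_users}
```

Run it over the output of "show running-config" saved to a file; a "blanket" verdict is the configuration to fix, "none" means privilege 15 users still have to type enable.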
