Table of Contents
Automatically login privileged EXEC mode
By default, when you login to the CLI of a Cisco device, it is first in the user EXEC mode; by configuring the privilege level, you can make it automatically enter the privileged EXEC mode when you login to the CLI. The key is to set the privilege level to 15 when logging into the CLI.
This section describes the following two patterns of configuration that set the privilege level to 15.
- Configuring the privilege level on the line
- Configuring the privilege level for each user
Configuring the privilege level on the line
You can configure the privilege level at login with the privilege level command on the line. Configure the following command in line configuration mode.
(config)#line {con 0|aux 0|vty 0 4}
(config-line)#privilege level <level>
<level> : privilege level. 0~15
By specifying privilege level as 15, you can automatically enter the privileged EXEC mode when you login to the CLI.
For console login, configure with line con 0; for Telnet/SSH VTY access, configure with line vty 0 4. The privilege level configuration on the line does not take into account the user logging in at all.
Configuring the privilege level for each user
When logging into the CLI, authentication can be based on a locally defined username/password. When defining the user name, you can optionally configure the privilege level as shown below.
(config)#username <user> privilege <level> password <password>
<user> : username
<level> : privilege level. 0~15
<password> : password
Configure the privilege level to 15 for the user name you want to automatically enter privileged EXEC mode. Then, use the login local command to authenticate with the local username/password on the line.
(config)#line {con 0|aux 0|vty 0 4}
(config-line)#login local
For console login, configure it with line con 0. For Telnet/SSH VTY access, just configure it with line vty 0 4.
Configuration example
We will consider a simple configuration example to automatically enter the privileged EXEC mode upon CLI login. The conditions to be configured are as follows
- Automatically enter privileged EXEC mode when logging into the console
- When logging in via Telnet, if the user name is “admin”, the system will enter privileged EXEC mode. If the user name is “user,” the system will enter user EXEC mode.
Configuration
The configuration commands to satisfy the above conditions are as follows
username user password cisco username admin privilege 15 password cisco ! line con 0 privilege level 15 line vty 0 4 login local
Verification
When you log in to the console of the router (R1) with the above configuration, it will immediately enter privileged EXEC mode as shown below, and if you check the privilege level with show privilege, it is 15.
R1 con0 is now available Press RETURN to get started. R1#show privilege Current privilege level is 15
Also, when logging into the CLI via Telnet, if you set the user name as “admin”, it will automatically enter the privileged EXEC mode.
Host#telnet 192.168.12.1 Trying 192.168.12.1 ... Open User Access Verification Username: admin Password: R1#show privilege Current privilege level is 15
Cisco Basic
- Preparing for Cisco devices configuration
- Configuration files for Cisco devices
- The configuration steps for Cisco devices
- Basic knowledge of the Cisco CLI: Command types and modes
- Cisco device’s interface
- CLI help and completion
- The main error messages in CLI
- Cisco Deleting a configuration command
- default interface command -Initialize the interface settings-
- Entering commands in batches
- do command – Execute EXEC command from configuration mode –
- interface range command -Batch configuration of multiple interfaces-
- Filtering the display of the show command – displaying only the information you want to see –
- Cisco IOS Name Resolution Configuration
- terminal length command : configuration of the number of lines displayed in the command output
- debug command to verify real-time operation
- Automatically enter privileged EXEC mode upon CLI login
- Configure System Clock
- Saving and managing configuration files
- Version Management of Configuration Files ~archive command
- IOS File System Operations
- Managing Cisco Catalyst Switches :What it means to set an IP address on a switch.
- Remote management by VTY access (Telnet/SSH)
- terminal monitor command to display the log of Telnet/SSH login destination
- Multi-step Telnet Session Suspensions
- Set the minimum number of characters in the password [Cisco]
- Restrict login attempts : login block-for command
- Cisco Initial Configuration Example
- CDP – What are the connected devices? –
- Password recovery for Cisco routers
- Password Recovery for Catalyst Switches