Automatically entering privileged EXEC mode at login

By default, when you log in to the CLI of a Cisco device, the session starts in user EXEC mode. By configuring the privilege level, you can make the session enter privileged EXEC mode automatically at login. The key is to set the privilege level to 15 when logging in to the CLI.

This section describes the following two patterns of configuration that set the privilege level to 15.

  • Configuring the privilege level on the line
  • Configuring the privilege level for each user

Configuring the privilege level on the line

You can configure the privilege level at login with the privilege level command on the line. Configure the following command in line configuration mode.

privilege level configuration

(config)#line {con 0|aux 0|vty 0 4}
(config-line)#privilege level <level>

<level> : privilege level, 0 to 15

By specifying a privilege level of 15, you automatically enter privileged EXEC mode when you log in to the CLI.

For console login, configure it under line con 0; for Telnet/SSH VTY access, configure it under line vty 0 4. The privilege level configured on the line does not take the user logging in into account at all; it applies to the line regardless of who logs in.

The VTY line numbers above are examples of common values. If necessary, change the line number.

Configuring the privilege level for each user

When logging into the CLI, authentication can be based on a locally defined username/password. When defining the user name, you can optionally configure the privilege level as shown below.

privilege level configuration for local user

(config)#username <user> privilege <level> password <password>

<user> : username
<level> : privilege level, 0 to 15
<password> : password

Set the privilege level to 15 for each user name that should enter privileged EXEC mode automatically. Then use the login local command on the line to authenticate with the local username/password.

Authentication by local user

(config)#line {con 0|aux 0|vty 0 4}
(config-line)#login local

For console login, configure it with line con 0. For Telnet/SSH VTY access, just configure it with line vty 0 4.

The VTY line numbers above are examples of common values. If necessary, change the line number.

Configuration example

We will consider a simple configuration example that automatically enters privileged EXEC mode upon CLI login. The conditions to be configured are as follows:

  • Automatically enter privileged EXEC mode when logging into the console
  • When logging in via Telnet, if the user name is “admin”, the system will enter privileged EXEC mode. If the user name is “user,” the system will enter user EXEC mode.

Configuration

The configuration commands that satisfy the above conditions are as follows:

username user password cisco
username admin privilege 15 password cisco
!
line con 0
 privilege level 15
line vty 0 4
 login local

Verification

When you log in to the console of the router (R1) with the above configuration, it immediately enters privileged EXEC mode as shown below, and if you check the privilege level with show privilege, it is 15.

R1 con0 is now available

Press RETURN to get started.

R1#show privilege
Current privilege level is 15

Also, when logging in to the CLI via Telnet, if you log in with the user name “admin”, the session automatically enters privileged EXEC mode.

Host#telnet 192.168.12.1
Trying 192.168.12.1 ... Open


User Access Verification

Username: admin
Password:
R1#show privilege
Current privilege level is 15
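
To review where this behaviour is enabled, the following added example (not part of the original page) parses a saved configuration and reports the lines set to privilege level 15 and the privilege level of each local user. The function name audit_auto_enable and the SAMPLE_CONFIG text (copied from the configuration example above) are assumptions for illustration, and the parser only handles the command forms shown on this page.

```python
import re

# Constructed sample: the configuration example from this page.
SAMPLE_CONFIG = """\
username user password cisco
username admin privilege 15 password cisco
!
line con 0
 privilege level 15
line vty 0 4
 login local
"""

USER_RE = re.compile(r"^username (\S+)(?: privilege (\d+))?")
LINE_RE = re.compile(r"^line (con|aux|vty) (\d+(?: \d+)?)$")
PRIV_RE = re.compile(r"^privilege level (\d+)$")


def audit_auto_enable(config):
    """Report the lines and local users that start a session at level 15."""
    users = {}   # username -> privilege level (1 when none is configured)
    lines = {}   # e.g. "vty 0 4" -> {"privilege": int or None, "login_local": bool}
    current = None
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):      # a non-indented command ends the line stanza
            current = None
            m = LINE_RE.match(text)
            if m:
                current = {"privilege": None, "login_local": False}
                lines[f"{m.group(1)} {m.group(2)}"] = current
            m = USER_RE.match(text)
            if m:
                users[m.group(1)] = int(m.group(2) or 1)
        elif current is not None:
            m = PRIV_RE.match(text)
            if m:
                current["privilege"] = int(m.group(1))
            elif text == "login local":
                current["login_local"] = True
    return {
        "lines_level_15": sorted(n for n, c in lines.items() if c["privilege"] == 15),
        "local_auth_lines": sorted(n for n, c in lines.items() if c["login_local"]),
        "local_users": users,
    }


if __name__ == "__main__":
    print(audit_auto_enable(SAMPLE_CONFIG))
```

Any entry in lines_level_15 is a line where every session starts in privileged EXEC mode, so those lines deserve the closest review.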
