Re: privilege-mode

aniblade · ‎01-23-2014

Hello,

I have IMC 7 and a 5412zl switch with K.15.10.0009 software. I want to login with SSH to the switch using IMC radius authentication and be left at the priviledge prompt (#) at once, without having to login twice.

In IMC I went to "User - Access User - Device User" and added an account name with:

Service Type = Console

EXEC Priority = 6
Role Name = Administrative-User

IP Address List of Managed Devices = Ip addresses of my switches

On my 5412zl I have the following Radius config:

radius-server host 10.18.7.2 key "MyRadiusPass"

aaa authentication login privilege-mode
aaa authentication web login radius local
aaa authentication web enable radius local
aaa authentication ssh login radius local
aaa authentication ssh enable radius local

The switch communicates with IMC and let's me login with the Account Name I created; however, It won't login straight into the # prompt...it always makes me login two times.
Any ideas?

LindsayHill · ‎01-23-2014

What "aaa authorization" config do you have?

__
@northlandboy

aniblade · ‎01-25-2014

Lindsay,

I do not have any aaa authorization commands, only aaa authentication...

LindsayHill · ‎01-27-2014

So you've got configuration to Authenticate users, but you haven't configured anything that specifies their authorization level. That's why you can login, but you're not getting the privilege level you need.

You'll probably want to configure aaa authorization to use RADIUS.

__
@northlandboy

aniblade · ‎02-04-2014

Lindsay,

It is not about the priviledge level, it's about the priviledge MODE and being able to login to the switch and be left at the # prompt through AAA authentication. I don't need to authorize commands at all.

MohammadH · ‎04-11-2014

Hello

I have the same problem with HP switch 2910 i must login twice

is there a way to make some user only see the first level the operator

and another user have full access ?

Re: privilege-mode

privilege-mode