Information
Login privilege level instructs the switch to accept the authenticating user's command level (manager or operator) as supplied by the server. This allows manager-level users to skip the login context and proceed immediately to the enable context, eliminating the need for a manager-level user to log in twice.
Solution
To allow the switch to accept the privilege level provided by the server, use the following configuration command:
switch(config)# aaa authentication login privilege-mode
To supply a privilege level for a user account on a RADIUS server, specify the "Service-Type" attribute in the user's credentials:
- Service-Type = 6 allows manager-level access
- Service-Type = 7 allows operator-level access
- A user with no Service-Type, or a Service-Type not equal to 6 or 7, is denied access
To supply a privilege level for a user account on a TACACS server, specify the "Max Privilege" level in the user's credentials:
- Max-privilege = 15 allows manager-level access
- Max-privilege = 0 allows only operator-level access
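
Because the server now decides who lands in the enable context, it is worth reviewing which accounts return Service-Type 6. The following is an added example, not part of the original page or any vendor tooling: it checks a saved running-config for the privilege-mode command and applies the RADIUS mapping above to exported user attributes. The sample data, the approved-manager list, the function names and the acceptance of FreeRADIUS dictionary names are assumptions.

```python
import re

# RADIUS mapping as stated on this page; any other value is denied.
RADIUS_LEVELS = {6: "manager", 7: "operator"}
# Assumption: the export may use FreeRADIUS dictionary names for values 6 and 7.
SERVICE_TYPE_NAMES = {"Administrative-User": 6, "NAS-Prompt-User": 7}

# Matches the command on its own line; a "no ..." form does not match.
PRIV_MODE = re.compile(r"^\s*aaa authentication login privilege-mode\s*$", re.M)

def privilege_mode_enabled(running_config):
    """True if the saved config contains the privilege-mode command."""
    return bool(PRIV_MODE.search(running_config))

def radius_level(reply_attrs):
    """Level granted for a RADIUS reply: manager, operator or denied."""
    raw = reply_attrs.get("Service-Type")
    value = SERVICE_TYPE_NAMES.get(raw, raw)
    try:
        return RADIUS_LEVELS.get(int(value), "denied")
    except (TypeError, ValueError):  # attribute missing or not a known value
        return "denied"

def audit(running_config, users, approved_managers):
    """List findings: command missing, unapproved managers, denied accounts."""
    if not privilege_mode_enabled(running_config):
        return ["privilege-mode not configured"]
    findings = []
    for name, attrs in sorted(users.items()):
        level = radius_level(attrs)
        if level == "manager" and name not in approved_managers:
            findings.append(f"{name}: manager access not approved")
        elif level == "denied":
            findings.append(f"{name}: denied (Service-Type missing or not 6/7)")
    return findings

# Constructed sample data, not taken from a real switch or RADIUS server.
SAMPLE_CONFIG = 'hostname "sw1"\naaa authentication login privilege-mode\n'
SAMPLE_USERS = {
    "alice": {"Service-Type": "6"},
    "bob": {"Service-Type": "NAS-Prompt-User"},
    "carol": {"Service-Type": "Administrative-User"},
    "dave": {},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_USERS, {"alice"}):
        print(finding)
```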