Cisco IOS: Associate a user with default higher privileges

Basic Example:

• username MY_USER secret MY_PASSWORD
• username MY_USER password MY_PASSWORD

Create user

Router#config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#username MY_USERNAME_1 privilege 5
Router(config)#username MY_USERNAME_2 privilege 7
Router(config)#username MY_USERNAME_3 privilege 15
Router(config)#^Z
Router#
Ref: https://www.oreilly.com/library/view/hardening-cisco-routers/0596001665/ch04.html

Verify:

sh running-config | inc user
username MY_USERNAME_2 privilege 7 password 7 04060F04241D1C5A5T
username MY_USERNAME_3 privilege 15

Example with error:

Router(config)#username MY_USER privilege 15 password MY_PASSWORD
WARNING: Command has been added to the configuration using a type 0 password. However, type 0 passwords will soon be deprecated. Migrate to a supported password type

Password: Enable Type 9 passwords for username MY_USERNAME_1

Read first: https://learningnetwork.cisco.com/docs/DOC-27166

R1(config)#username MY_USERNAME_1 algorithm-type scrypt secret MY_PASSWORD
R1(config)#

Error in case user where already created with password option:

R1(config)#username MY_USERNAME_1 algorithm-type scrypt secret MY_PASSWORD
ERROR: Can not have both a user password and a user secret.
Please choose one or the other.

Delete user

R1(config)#no username USERNAME_TO_DELETE
This operation will remove all username related configurations with same name.Do you want to continue? [confirm]

Related terms

• sh run | i user
• show users
• privilege
• admin account

Activities

1. Configure a user with public key access Cisco IOS/Configure public RSA key authentication
2. Learn about different Cisco Router Password Types: https://learningnetwork.cisco.com/docs/DOC-27166
3. List users: show running-config | inc username
4. Delete a user with no username USERNAME_TO_DELETE command

See also

• Cisco IOS: Cisco IOS XE, Config (mode), VLANs, Cisco IOS logging, VTP, ACLs, show logging, show logging history, show interface status, debug, archive, show archive, conf t, int, ip http server, ip ssh, ip address, vty, show mac address-table, show access-list, Access-list, ip access-group, admin
• wikipedia:Scrypt key derivation function

Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Source: https://en.wikiversity.org/wiki/Cisco_IOS/Associate_a_user_with_default_higher_privileges