Network Management

 View Only
  • 1.  privilege-mode

    Posted Jan 23, 2014 11:49 PM



    I have IMC 7 and a 5412zl switch with K.15.10.0009 software. I want to login with SSH to the switch using IMC radius authentication and be left at the priviledge prompt (#) at once, without having to login twice. 

    In IMC I went to "User - Access User - Device User" and added an account name with:

    Service Type = Console

    EXEC Priority = 6 
    Role Name = Administrative-User

    IP Address List of Managed Devices = Ip addresses of my switches

    On my 5412zl I have the following Radius config:

    radius-server host key "MyRadiusPass"

    aaa authentication login privilege-mode
    aaa authentication web login radius local
    aaa authentication web enable radius local
    aaa authentication ssh login radius local
    aaa authentication ssh enable radius local


    The switch communicates with IMC and let's me login with the Account Name I created; however, It won't login straight into the # always makes me login two times.
    Any ideas?


  • 2.  RE: privilege-mode

    Posted Jan 24, 2014 02:53 AM
    What "aaa authorization" config do you have?

  • 3.  RE: privilege-mode

    Posted Jan 25, 2014 10:31 PM



    I do not have any aaa authorization commands, only aaa authentication...

  • 4.  RE: privilege-mode

    Posted Jan 27, 2014 04:13 PM

    So you've got configuration to Authenticate users, but you haven't configured anything that specifies their authorization level. That's why you can login, but you're not getting the privilege level you need.


    You'll probably want to configure aaa authorization to use RADIUS.

  • 5.  RE: privilege-mode

    Posted Feb 04, 2014 03:35 PM



    It is not about the priviledge level, it's about the priviledge MODE and being able to login to the switch and be left at the # prompt through AAA authentication. I don't need to authorize commands at all.

  • 6.  RE: privilege-mode

    Posted Apr 11, 2014 10:26 AM


    I have the same problem with HP switch 2910 i must login  twice 

    is there a way to make some user only see the first level the operator 

    and another user have full access ?