Posted on January 24, 2014 6:13 pm
 |  Asked by Unknown
Print Friendly, PDF & Email
I'm working with a 7050s which has the http interface enabled and I am able to post non-privileged show commands and receive successful json output (e.g. show interfaces).  However, when I attempt to execute a command that requires configuration mode the command fails with the error message: ' 'configure' failed: invalid command.'   Executing 'show privilege' from the client indicates that the privilege level is 1, and so I assumed that by assigning the default privilege of 15 to the user that the configure command would be successful.  After adding a user:
username newuser privilege 15 secret 0 ######  role network-admin
I assumed that when I attempted the command using the new user ID that a 'show privilege' command would show 15, but it still shows 1 and the configure attempt still fails.
There is an enable password set.
The API Overview suggests that "the commands in the request are run in order on the switch, starting from enable mode if the user has that privilege level,"  which is why I assumed that setting the level to 15 for the user would work and the example shows a command list which starts with 'configure,' so I believe it must be possible.
Have I missed something, or can someone point out what I've managed to do wrong?
Posted by Mark Berly
Answered on January 24, 2014 6:13 pm

To allow privilege 15 to be effective you will need to enter the following configuration mode command:

aaa authorization exec default local

Post your Answer

You must be logged in to post an answer.