Hi friends,
I'll try to make it simple cause i want clarify a point that is confusing me since i dont find clear docs about that:
I've 2 routers configured with AAA.
Then have 2 lists configured to use authentication based on local DB.
Have 2 users, one with privilege 1 and second with privilege 15.
On the console port obviously i've enforced the list that use also the local DB as second method.
Have another list that also use the local DB configured over VTY line.
When i authenticate by telnet i get always privilege 1 then when i enter the authorization exec command i can enable to level 15 only with my user privilege level 15.
When i authenticate by console i still get privilege 1 with all users but i can authenticate always to level 15 with every user, even those with priv 1 level and even if no authorization exec command exist over the router.
I also tried with command no privilege level 15 over the console line 0 with hope that a default behavior could exist for just that line, but didnt worked.
Is that normal?
thanks to everybody for the help