A Noob Cisco SDM Question?

Well as some of you guys know I'm going to be making a Cisco SDM installation CBT video and it's going to be free and I've already made it but youtube killed the quality so I have to remake it.

In doing so, I've kinda run into an "annoying" question which the answer eludes me after an hour of googling.

So I'm installing Cisco SDM on a router and I was looking through the offical Cisco documentation to make sure I was not missing anything and it said you need to apply "privilege level 15" to the vty lines.

Why is this required or is it even required?

I've done some testing and I've created 3 usernames, one with level 15 privileges, one with level 1 privileges and one with the default privileges in the local user database (which = 1) and after logging in the router via telnet, the privilege level is set by the privilege statement in the username command.

When logging in with the level 15 account, while issuing the sh privilege command i see level 15 and it gives me a privileged mode prompt.

When logging in with the level 1 account that is stated in the username statement, i see level 1 privileges and this gives me a user mode prompt

When logging in with the username that does not state the privilege level in the username statement, I get
level 1 privileges and a user mode prompt.

So why or is "privilege level 15" (which sets the default privilege level of the vty lines to 15) required for SDM?, or is it even required? So I continued my investigation and disabling local login on the vty lines and using a vty line password, when using that password to login to the router via telnet or ssh, it THEN took me to level 15 and a privileged mode prompt.

Am I missing something? I've ran all kinds of tests in the lab and from what I can tell, this command is not needed.

Feel free to throw your 2 sense in the pot for this big poker game! Someone is going to win and it might not be me haha...

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

kalebksp

Do you have an enable password/secret on your test router? My guess is that it's required so that if an enable password is set on the router the SDM will be able to get into privileged mode without knowing the enable password.

mgeorge

having a user account with level 15 privileges will automatically place them in privileged mode.

kalebksp

mgeorge wrote: »

having a user account with level 15 privileges will automatically place them in privileged mode.

Sorry, I was not quiet awake and I misunderstood your question. I thought you were asking why the account needed privilege level 15.

hypnotoad

If I'm not mistake, which I might be, SDM users must be 15's by default. Is that true?

mgeorge

hypnotoad wrote: »

If I'm not mistake, which I might be, SDM users must be 15's by default. Is that true?

You are correct in that SDM users must have level 15 privileges, but the privilege level 15 does not apply level 15 privileges to a username who has been set at level 3 privileges.

Example being, a level 15 user would have the following statement

username bob privilege 15 secret asdjlkffsdafi23%@#45a

Now if john had privilege level 3, when logging in via ssh or telnet, his privilege level does not get bumped to 15 if the privilege level 15 is assigned to the virtual terminal lines.

Which puts me back at my initial question.

The only thing I can really think of is if this command is required on older IOS versions for SDM to operate, but of course that's just speculation.