
Resetting local enable PW

cmparish5
Level 1

I want to reset my local enable secret as it keeps denying me priv-exec mode when I console into the switch. I know that when you need to log into a switch via console you either create a separate authentication profile or modify the existing one as per below...

 

1.

aaa authentication login default group ABCD local

(OR)

2.

aaa authentication login console local
line con 0
 login authentication console

However I see my switch actually has both of the above configured.  I believe that the first method trumps the second method.  Can I just delete the config shown in method 2 then configure enable secret Cisco1?

 

If I just configure enable secret Cisco1 (since I can still get into it when it's on the network) will this effectively change the local enable secret when logging in via console?

3 Replies

balaji.bandi
Hall of Fame

Depends on the requirement: are you looking for central authentication, or do you want console access to use local users rather than RADIUS?

Here is an example, with more explanation:

 

https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html

BB


So if my config is as shown below, when logging in via console and successfully getting to the ROUTER> prompt, I need to enter the local enable secret password as defined below.  If what I think is the local enable secret isn't working, can I just go into it via SSH when it's online and change the enable secret?

 

enable secret 5 $1$SIGt$dNmBr.cBt8GZnI78QGNhF/
!
username engineer privilege 15 secret 5 $1$O7mK$rpO4vLzhxNeag/vcEVmIl0
!
aaa authentication login default group ABCD local
aaa authentication login CONSOLE local
aaa authentication enable default group ABCD enable
aaa authorization exec default group ABCD local if-authenticated
!
!
line con 0
 exec-timeout 30 0
 logging synchronous
 login authentication CONSOLE
 stopbits 1

Given the posted configuration, you should be able to SSH to the device and, in enable mode, go into configuration mode and configure a new enable secret password. After making this change, be sure to remember to copy the running config to the startup config.

HTH

Rick
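
As an added example (not part of any post in this thread, and not Cisco code), this Python sketch resolves which login method list each line uses in the configuration posted above, and which methods `enable` tries. It relies on IOS applying the `default` list to any line that has no `login authentication` statement of its own; the `line vty` stanza and the function names are constructed for illustration.

```python
import re

# AAA and console lines are taken from the thread; the "line vty" stanza is
# constructed for illustration (the poster did not show it).
SAMPLE_CONFIG = """\
aaa authentication login default group ABCD local
aaa authentication login CONSOLE local
aaa authentication enable default group ABCD enable
!
line con 0
 exec-timeout 30 0
 login authentication CONSOLE
line vty 0 4
 transport input ssh
"""

def parse_method_lists(config):
    """Return {(kind, list_name): [methods]} for 'aaa authentication' lines."""
    lists = {}
    for raw in config.splitlines():
        m = re.match(r"aaa authentication (login|enable) (\S+) (.+)", raw.strip())
        if m:
            kind, name, methods = m.groups()
            # "group ABCD" is a single method, so keep the two words together.
            lists[(kind, name)] = re.findall(r"group \S+|\S+", methods)
    return lists

def login_methods_per_line(config):
    """Map each 'line ...' stanza to (list_name, methods) used at login."""
    lists = parse_method_lists(config)
    result, current = {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if raw.startswith("line "):
            current = text
            # No explicit 'login authentication' yet: the default list applies.
            result[current] = ("default", lists.get(("login", "default")))
        elif current and text.startswith("login authentication "):
            name = text.split()[2]
            # A name with no matching list resolves to None and needs review.
            result[current] = (name, lists.get(("login", name)))
        elif not raw.startswith(" ") and text != "":
            current = None  # left the line stanza
    return result

def enable_methods(config):
    """Methods tried, in order, when a user types 'enable'."""
    return parse_method_lists(config).get(("enable", "default"))
```

For the posted configuration this gives `local` for the console login and `group ABCD` followed by `enable` for privileged mode, so the local enable secret is consulted at the enable prompt only when the ABCD servers do not respond.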