cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1085
Views
5
Helpful
8
Replies
Highlighted

skip enable and ssh directly into privilege mode

hello all, first of all, sorry for my english - i am not native speaker

 

my problem is: I have lab in Cisco Packet Tracer, where I set up remote management - ssh and telnet. I want to skip enable mode and go directly into privilege mode when I enter username and password. I set up username TEST privilege 15 secre test and it worked until switch reloaded. After I reload switch and try to ssh, when I enter username and password it goes into exec mode and I have to enter enable password.

 

Can you suggest solution?

8 REPLIES 8
Highlighted
Hall of Fame Guru

When someone describes a situation where this feature worked, then the device rebooted, and now that feature no longer works my first guess is that some of the config changes that were made to enable it were not saved to startup config and were lost then the reboot took place. Can you check the current running config and verify that the changes that you made to go directly into privilege mode are still in the running config?

HTH

Rick
Highlighted

first i save config and then reboot device, but this feature no loger works. when I check running config, it shows username privilege level 5, not 15. It is strange, that routers work fine, but switches have issue

 

I have created new user from console >>> username USER privilege 15 secret PASSWORD >>> before reboot, I go to running config and there was privilege 5, not 15

Capture.PNG

Highlighted

What you have posted is interesting. Actually the 5 in that output does not relate to privilege level (which is not present in what you posted) but does relate to the encryption level of the password. There are several options in how you can configure user passwords:

- you can specify no service password-encryption (as your config does) and the default is to not encrypt the user password.

- you can specify service password-encryption and with this the user password (and several other types of passwords) will be encrypted. This encryption used type 7 encryption, which turns out to not be very secure.

- so Cisco introduced the option to specify the password type as secret (which you did) and the result uses type 5 encryption, which is much more secure.

 

So in your output the 5 relates to the more secure encryption of the password and not the privilege level. 

 

One interesting part of this is that if you did specify privilege 15 in configuring the user, why does the privilege not show up in the running config?

HTH

Rick
Highlighted

maybe is it packet tracer's bug? When I specify privilege 15 in routers, It shows in running config and works fine. Here is my router's config screen

Capture.PNG

Highlighted

Thanks for the update. I do not understand clearly where it does work as expected and where it does not work as expected. Are you saying that it does work as expected on routers and does not work as expected on switches?

 

On one of the devices where it does not work would you post these outputs

in show run the configuration of the user name 

in show start the configuration of the user name

We want to see if show run and show start have the same parameters or different parameters.

HTH

Rick
Highlighted

It works perfectly on Routers, but doesn't work on Switches

 

Running and Startup configs are 100% identical. here are screens:

 

startup.PNG

 

 

running.PNG

Highlighted

In the original post you tell us that you configure a user with privilege 15 on the switch and that it works until you reload the switch. In the output that you have posted we see that neither the running config nor the startup config have the privilege 15 parameter. I wonder how it works in the first case. Perhaps you are right that this is an issue with packet tracer.

HTH

Rick
Highlighted

now I am almost sure this is packet tracer's bug. Thank you for replies

Content for Community-Ad