Cisco Router 1800 Not Prompting for Enable Password

Rabnawaz Anwar
Level 1

Hi,

I have a Cisco 1801 router that is not prompting for the enable password. After logging into the router through telnet, it puts me directly into privilege mode without prompting for the enable password. Here is the configuration:

User Access Verification

Username: admin
Password:
xxxxx#sh run
Building configuration...

Current configuration : 2132 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xxxxxx
!
boot-start-marker
boot-end-marker
!
enable password 7 022F0A5D0208063555692B
!
no aaa new-model
!
!
dot11 syslog
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.10
!
ip dhcp pool LAN
   import all
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1
!
!
!
multilink bundle-name authenticated
!
!
username admin privilege 15 password 7 112017031E1C02181D
username user privilege 3 password 7 091D1C5A100B111B05051033
!
!
archive
log config
  hidekeys
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc xxxxx
  pppoe-client dial-pool-number 1
!
dsl operating-mode auto
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
no cdp enable
!
interface FastEthernet0
no ip address
shutdown
speed auto
full-duplex
no cdp enable
!
interface FastEthernet1
no cdp enable
!
interface FastEthernet2
no cdp enable
!
interface FastEthernet3
no cdp enable
!
interface FastEthernet4
no cdp enable
!
interface FastEthernet5
shutdown
no cdp enable
!
interface FastEthernet6
shutdown
no cdp enable
!
interface FastEthernet7
shutdown
no cdp enable
!
interface FastEthernet8
shutdown
no cdp enable
!
interface Vlan1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp chap hostname xxxxxxx
ppp chap password 7 xxxxxxx
ppp pap sent-username xxxxxxx password 7 xxxxxxxx
ppp ipcp dns request accept
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
no ip http secure-server
ip nat inside source list NAT interface Dialer0 overload
!
ip access-list standard NAT
permit 192.168.0.0 0.0.0.255
!
!
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
login local
line aux 0
line vty 0 4

  login local
!
no process cpu extended
no process cpu autoprofile hog
end

xxxxxx#


Sandeep Choudhary
VIP Alumni

Hi Anwar,

Please insert the commands:

router(config)#enable secret cisco
line con 0
password cisco
login local
line vty 0 15
password cisco
login local

and then try again.

Regards

Please rate if it helps.

Giuseppe Larosa
Hall of Fame

Hello Rabnawaz,

As you can see, a user is given privilege 15:

>> username admin privilege >>>15 <<<

I would expect this is the reason for the behaviour you see.

If you log in with the other account you should not achieve privilege 15.

You can check the privilege level with

show privilege

at the router prompt.

Edit:

Sandeep is right, you also need to set an enable password; follow his instructions.

Hope to help

Giuseppe

Hello everyone,

In addition to Giuseppe's explanation, one more thing to consider: both admin and user have their privilege level above 1: the admin has 15 (the true enable level) and the user has 3. Even though 3 is not a full enable privilege level, the router will nevertheless display a # prompt instead of $. That does not mean that the user is necessarily equipped with full privileges, rather, it means that the user has a privilege level higher than 1.

In other words, the $ prompt is used for privilege levels 0 and 1. The # prompt is used for all other privilege levels.

Best regards,

Peter
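
An added example, not part of the original thread: a small Python check that reads a running-config and reports, per the replies above, which local accounts start a session at level 15, at a custom level, or in user EXEC. The sample config is constructed, the function names are this example's own, and it assumes `no aaa new-model` with `login local` lines as in the question.

```python
import re

# Constructed sample modelled on the running-config in the question;
# password hashes are replaced with a placeholder.
SAMPLE_CONFIG = """\
no aaa new-model
username admin privilege 15 password 7 <redacted>
username user privilege 3 password 7 <redacted>
username guest password 7 <redacted>
line con 0
login local
line aux 0
line vty 0 4
login local
!
"""

# In the running-config the privilege keyword follows the username directly.
USER_RE = re.compile(r"^username\s+(\S+)(?:\s+privilege\s+(\d+))?\s")

def parse_users(config):
    """Map each local username to its login privilege level (default 1)."""
    users = {}
    for raw in config.splitlines():
        m = USER_RE.match(raw.strip() + " ")
        if m:
            users[m.group(1)] = int(m.group(2)) if m.group(2) else 1
    return users

def local_login_lines(config):
    """List the line stanzas that authenticate with 'login local'."""
    found, current = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("line "):
            current = line
        elif line in ("!", "end"):
            current = None
        elif line == "login local" and current:
            found.append(current)
    return found

def audit(config):
    """Return (user, level, label) for accounts usable on local-login lines."""
    if not local_login_lines(config):
        return []
    def label(lvl):
        return ("full-enable-at-login" if lvl == 15
                else "custom-level" if lvl > 1 else "user-exec")
    return [(u, lvl, label(lvl)) for u, lvl in sorted(parse_users(config).items())]

if __name__ == "__main__":
    for user, level, kind in audit(SAMPLE_CONFIG):
        print(f"{user}: privilege {level} -> {kind}")
```
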

Hi,

I have removed the existing accounts and created a new one without using the privilege keyword. Now it is prompting for the enable password. But I have created another user and given him certain privilege levels, and noticed that if privilege level 0 or 1 is allocated to a user, then it prompts for the enable password and he can view and edit the configuration. If any other privilege level is assigned to a user, then the router will not prompt for a password and he has limited access and cannot view or edit the configuration, except at level 15.

Now I have read in some article that the higher the privilege level you provide, the higher the access you give to the user. But as I have noticed, this is not true, and privilege levels 0 and 1 have higher router access, equal to level 15. The in-between privilege levels have the same, limited functionality.

After trying different privilege levels I have become confused and cannot understand the Cisco privilege levels concept. I have searched a lot for any brief document that could provide a list of levels 0-15 and their respective functionality and access. So please clear up this confusion and tell me of any document that has a brief list of these levels with their usage examples and functionality access.

Hello Rabnawaz,

Privilege levels 2-14 are provided for user customization: it is possible to associate some exec or configuration commands with a single privilege level 2-14. By doing so you can provide a customized subset of commands available to a user account with privilege up to that level.

By default no command is associated with privilege levels 2-14; this is the reason why they look meaningless with default settings.

See the examples in the link below from the 12.2 security configuration guide:

http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfpass.html#wp1001383

Hope to help

Giuseppe

Hi Giuseppe,

Please let me partially (and very respectfully) disagree. Although I totally agree when you state that levels 2-14 are for customisation, I don't see these levels as meaningless. Setting a login for privilege 10 is well different from setting the same login for privilege 5. It is true that there is not much granularity in it, but there are precise defaults that Cisco implemented for each privilege level.

Having said this, I also think that without associating determined commands with determined privileges, this customisation is not that useful.

Take Care

Alessio

Hello Alessio,

I should have written that privilege levels 2-14 are of limited use without additional commands.

Thanks for your note.

Best Regards

Giuseppe
