
Easy question about local users.

ciscolover
Level 1

Hi all,

I would like to create a local user, with 15 privilege level.

I want this user to connect to the router and be able to log in to enable mode without entering another password.

aaa new-model

aaa authentication enable default enable

Router(config)#username root privilege 15 secret 5 test

Router>en

Username:

Password:

% Access denied

Router>en
Username:
Password:
% Access denied

If I create a user with privilege 15, I thought that you had access to all enable commands. Why does it not work?

Thanks all.

4 Replies

Edwin Summers
Level 3

Try:

username root privilege 15 secret 0 test

The "5" after the keyword secret indicates that the text following is the MD5 hash of the password. To enter the unencrypted password, use the option "0".

The password will be stored as a hash in the running config (vice plain text).

Good luck!

Ed

Edited to post a general reference:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ft_md5.html

Ed makes a good point about why the configured enable password is not working. But this does not address the fundamental issue of the original post which asks about how to have a user go directly to enable mode without requiring use of the enable password. There are 2 approaches to accomplish this:

- If you want some users to go directly to enable mode and other users to be just in user mode then you need to also have configured aaa authorization to do local authorization.

- If you want all users to go directly to enable mode then you can configure privilege level 15 on the vty lines and console port.

HTH

Rick


Rick,

Thanks for the follow-up.  I thought from previous use that a (local) user with privilege level 15 would immediately enter "privileged exec" mode upon login.  However, I may have confused that with a system I'm currently using that has RADIUS authentication with priv-level 15 authorization automatically enabled.  I'll have to confirm this later today to refresh my memory.  Sorry to the OP if I misled you on the original question.

Ed

Richard, could you write a simple example?

I would like:

1º) A password when you access using a telnet connection. This is the same password for all users.

2º) A user and password when you try to enter enable mode #

     One user can have full access.

     The other user has limited access.

I'm trying it but it does not work.

Thanks-
