Changing default command mode to Privileged EXEC

vzvonarov1
Level 1

I am currently setting up a 2800 Series router, and prefer a username/password type authentication rather than a single enable password. To do this, I did:

Router(config)# username <myuser> privilege 15 secret 0 <mypassword>

Router(config)# username <myuser2> privilege 15 secret 0 <mypassword>

Router(config)# aaa new-model

Router(config)# aaa authentication login default local

This basically does what I want - when I connect to the router through console, it immediately asks me for a username and password. The thing is - as soon as I provide the right credentials, it takes me to USER EXEC mode (the default command mode). Is it possible to change that so that after entering the credentials, I go right into privileged exec mode?

Bonus question: As it is now, I just have no enable password, so when I login with my credentials, I issue "enable" to enter privileged exec mode without it prompting for an additional password. Is it safe to do it this way - having no enable password but requiring a username and password for login?

Accepted Solutions

Hi,

We do this all the time. It works the same way on telnet.

line vty 0 4

privilege level 15

This way when we telnet in, it takes us right to priv. exec mode. Most people have the enable password the same as the telnet / console password anyway so IMHO it's the same thing. If you are trying to be ultra secure, then make your enable password something different and do not use this little trick... But like I said... I use it all the time.

Paul


3 Replies

vzvonarov1
Level 1

For those curious, the fix is:

Router(config)# line con 0

Router(config-line)# privilege level 15

So I guess my only question is - is it safe to do this while not setting an enable/secret password?

Cool - I just set "privilege level 15" for telnet/SSH login as well, just like you said. Good to hear there are no obvious security concerns with doing it this way that I overlooked. Thanks.
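The settings discussed in this thread can be checked in a saved running-config. The following is an added example, not part of any post above: a Python audit that lists which lines drop straight into privilege level 15, whether telnet is explicitly allowed on them, and whether any enable secret or password exists. The sample config, its usernames and the function names `audit` and `findings` are constructed for illustration.

```python
import re

# Constructed running-config excerpt modelled on the thread (not from a real device).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default local
username admin1 privilege 15 secret 5 CONSTRUCTED-HASH-1
username admin2 privilege 15 secret 5 CONSTRUCTED-HASH-2
line con 0
 privilege level 15
line vty 0 4
 privilege level 15
 transport input telnet ssh
"""

def audit(config):
    """Collect the settings that decide how a session reaches privilege level 15."""
    report = {"enable_set": False, "priv15_users": [],
              "priv15_lines": [], "telnet_lines": []}
    block = None  # name of the "line ..." block currently being read
    for raw in config.splitlines():
        text = raw.strip().lower()  # IOS keywords are case-insensitive
        if not text or text.startswith("!"):
            continue
        if not raw[0].isspace():  # a global command closes any line block
            block = text[5:] if text.startswith("line ") else None
            if re.match(r"enable (secret|password)\b", text):
                report["enable_set"] = True
            user = re.match(r"username (\S+) privilege 15\b", text)
            if user:
                report["priv15_users"].append(user.group(1))
        elif block:
            if text == "privilege level 15":
                report["priv15_lines"].append(block)
            # Only an explicit "transport input" is read; defaults differ by release.
            proto = re.match(r"transport input (.+)", text)
            if proto and {"telnet", "all"} & set(proto.group(1).split()):
                report["telnet_lines"].append(block)
    return report

def findings(report):
    """Turn the raw report into review notes, one per affected line."""
    notes = []
    for line in report["priv15_lines"]:
        notes.append((line, "login is the only gate to level 15"))
        if line in report["telnet_lines"]:
            notes.append((line, "level-15 credentials sent in cleartext over telnet"))
    if not report["enable_set"]:
        notes.append(("global", "no enable secret or enable password configured"))
    return notes
```

Calling `findings(audit(open("running-config.txt").read()))` on a saved config (the file name is a placeholder) returns the same kind of notes for a real device.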
