Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5192
Views
20
Helpful
2
Replies

aaa new-model enable prompt ?

Go to solution
tedauction
Level 1
Level 1

‎01-25-2017 04:50 PM - edited ‎03-08-2019 09:03 AM

Hello, how can completely remove the need to enter 'enable' when using 'aaa new-model'.

e.g.

 I have Cisco switches configured with usernames e.g.

user myUser privilege 15 secret 5 xxxxxxxx

Then I have my vty lines configured as such:

line vty 0 4
login local
transport input ssh

So with this config, I just log in with username/password and then I am automatically at the privileged exec prompt with privilege level 15.

However, now I want to use 802.1x port-based authentication so I enter the command 'aaa new-model'.

Now I have the problem whereby I log in to a vty line, but only arrive at the executive prompt and require an enable password to proceed.

So I now have an extra step (enable password) to log in to my devices simply because I enabled 'aaa new-model'.

Is there any way to enable 'aaa new-model' without it incurring the need for me to 'enable' in to my devices ?

n.b. I can avoid the need for the enable password if I enter 'privilege level 15' within line vty 0 4, however I also have another user account on these devices which should not have privilege level 15 so this method is no good for me.

Or I could enter 'aaa authentication enable default none' which negates the need for an enable password, but I still need to enter the command 'enable' to enter priviliege exec mode. How can completely remove the need to enter 'enable' when using 'aaa new-model'.

Thank you kindly.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul driver
VIP
VIP

‎01-25-2017 05:58 PM

Hello

Basic AAA would be-;

username stan privilege 15 secret stan
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local if-authenticated

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

2 Replies 2

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎01-25-2017 05:56 PM

Hi,

Do you have this command:

aaa authentication enable default group ....

If you want to go directly to enable mode than you don't need the above command.

HTH

0 Helpful

Go to solution
paul driver
VIP
VIP

‎01-25-2017 05:58 PM

Hello

Basic AAA would be-;

username stan privilege 15 secret stan
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local if-authenticated

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Customers Also Viewed These Support Documents