03-20-2011 01:33 AM - edited 03-06-2019 04:09 PM
I have about 15 routers in my office. One of them is Cisco 2600 series router. The problem is that before a couple of days I have configured the router. Its working fine. But whenever I telnet the router from any of LAN host the routers prompts for Username then password and then it directly goes to Privileged mode (Router1#). But other routers don’t behave like this. They first prompts for direct password then enable mode then prompts for enable password then privileged mode.
I have set enable password, line vty password etc.
Now I like to configure the router to prompt as :
1. Password
2. > enable
3. Enable password
4. #
How to do that? Please help.
Solved! Go to Solution.
03-20-2011 02:09 AM
hi,
try adding these commands and test again.
Router(config)#enable secret
Router(config)#username
Router(config)#access-list 1 permit
Router(config)#line vty 0 4
Router(config-line)#login local
Router(config-line)#access-class 1 in
Router#write memory
03-20-2011 02:17 AM
Hi,
if you put login local under a vty line and the user has got privilege 15 then you'll have the behaviour you don't want.
To fulfiil your need you must create a user without specifying privilege then create an enable password and put login local under vty lines:
user test secret test
enable secret test
line vty 0 15
login local
Regards.
Alain.
03-20-2011 10:08 AM
if you dont want username authentication during login then you just have to enable secret. Then under line vty you will have to configure login and password.
router(config)enable secret
router(config)line vty 0 4
router(config-line)login
router(config-line)password
with the above setting when you then telnet to the router, you will have
User Access Verification
Password:
router>en
password:
so there is no username authentication. just password authentication twice.
03-20-2011 02:09 AM
hi,
try adding these commands and test again.
Router(config)#enable secret
Router(config)#username
Router(config)#access-list 1 permit
Router(config)#line vty 0 4
Router(config-line)#login local
Router(config-line)#access-class 1 in
Router#write memory
03-20-2011 02:17 AM
Hi,
if you put login local under a vty line and the user has got privilege 15 then you'll have the behaviour you don't want.
To fulfiil your need you must create a user without specifying privilege then create an enable password and put login local under vty lines:
user test secret test
enable secret test
line vty 0 15
login local
Regards.
Alain.
03-20-2011 04:33 AM
hi alain,
im just wondering what kind of unusual behavior would happen for this scenario. please elaborate. i tested using the setup i suggested and it just works fine.
2620XM_A#telnet 192.168.1.2
Trying 192.168.1.2 ...Open
User Access Verification
Username: cisco
Password:
2620XM_B#
-----
2620XM_B#sh run
Building configuration...
Current configuration : 543 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname 2620XM_B
!
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
!
!
!
username cisco privilege 15 secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0
ip address 192.168.1.2 255.255.255.0
!
ip classless
!
!
!
!
!
!
!
line con 0
line vty 0 4
login local
line vty 5 15
login local
!
!
!
end
03-20-2011 10:29 AM
Hi John,
So you were put directly into enable mode without typing a password but this is the behaviour the OP didn't want.
Regards.
Alain.
03-20-2011 09:05 PM
hi alain,
i double check my simulation output and it didn't prompt for enable password. you were right and thanks for the explanation!
03-20-2011 02:20 AM
just enable secret should solve the issue. then you will be prompted just for a password which leads you to the priviledge mode.
03-20-2011 10:08 AM
if you dont want username authentication during login then you just have to enable secret. Then under line vty you will have to configure login and password.
router(config)enable secret
router(config)line vty 0 4
router(config-line)login
router(config-line)password
with the above setting when you then telnet to the router, you will have
User Access Verification
Password:
router>en
password:
so there is no username authentication. just password authentication twice.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide