03-20-2011 01:33 AM - edited 03-06-2019 04:09 PM
I have about 15 routers in my office. One of them is Cisco 2600 series router. The problem is that before a couple of days I have configured the router. Its working fine. But whenever I telnet the router from any of LAN host the routers prompts for Username then password and then it directly goes to Privileged mode (Router1#). But other routers don’t behave like this. They first prompts for direct password then enable mode then prompts for enable password then privileged mode.
I have set enable password, line vty password etc.
Now I like to configure the router to prompt as :
1. Password
2. > enable
3. Enable password
4. #
How to do that? Please help.
Solved! Go to Solution.
03-20-2011 02:09 AM
hi,
try adding these commands and test again.
Router(config)#enable secret
Router(config)#username
Router(config)#access-list 1 permit
Router(config)#line vty 0 4
Router(config-line)#login local
Router(config-line)#access-class 1 in
Router#write memory
03-20-2011 02:17 AM
Hi,
if you put login local under a vty line and the user has got privilege 15 then you'll have the behaviour you don't want.
To fulfiil your need you must create a user without specifying privilege then create an enable password and put login local under vty lines:
user test secret test
enable secret test
line vty 0 15
login local
Regards.
Alain.
03-20-2011 10:08 AM
if you dont want username authentication during login then you just have to enable secret. Then under line vty you will have to configure login and password.
router(config)enable secret
router(config)line vty 0 4
router(config-line)login
router(config-line)password
with the above setting when you then telnet to the router, you will have
User Access Verification
Password:
router>en
password:
so there is no username authentication. just password authentication twice.
03-20-2011 02:09 AM
hi,
try adding these commands and test again.
Router(config)#enable secret
Router(config)#username
Router(config)#access-list 1 permit
Router(config)#line vty 0 4
Router(config-line)#login local
Router(config-line)#access-class 1 in
Router#write memory
03-20-2011 02:17 AM
Hi,
if you put login local under a vty line and the user has got privilege 15 then you'll have the behaviour you don't want.
To fulfiil your need you must create a user without specifying privilege then create an enable password and put login local under vty lines:
user test secret test
enable secret test
line vty 0 15
login local
Regards.
Alain.
03-20-2011 04:33 AM
hi alain,
im just wondering what kind of unusual behavior would happen for this scenario. please elaborate. i tested using the setup i suggested and it just works fine.
2620XM_A#telnet 192.168.1.2
Trying 192.168.1.2 ...Open
User Access Verification
Username: cisco
Password:
2620XM_B#
-----
2620XM_B#sh run
Building configuration...
Current configuration : 543 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname 2620XM_B
!
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
!
!
!
username cisco privilege 15 secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0
ip address 192.168.1.2 255.255.255.0
!
ip classless
!
!
!
!
!
!
!
line con 0
line vty 0 4
login local
line vty 5 15
login local
!
!
!
end
03-20-2011 10:29 AM
Hi John,
So you were put directly into enable mode without typing a password but this is the behaviour the OP didn't want.
Regards.
Alain.
03-20-2011 09:05 PM
hi alain,
i double check my simulation output and it didn't prompt for enable password. you were right and thanks for the explanation!
03-20-2011 02:20 AM
just enable secret should solve the issue. then you will be prompted just for a password which leads you to the priviledge mode.
03-20-2011 10:08 AM
if you dont want username authentication during login then you just have to enable secret. Then under line vty you will have to configure login and password.
router(config)enable secret
router(config)line vty 0 4
router(config-line)login
router(config-line)password
with the above setting when you then telnet to the router, you will have
User Access Verification
Password:
router>en
password:
so there is no username authentication. just password authentication twice.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: