cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bookmark
|
Subscribe
|
482
Views
0
Helpful
4
Replies

enable secret command

D@1984
Level 1
Level 1

Hi,

If I understand correctly, in below command, we use the "line password" method for authentication and if it fails then try enable password as the second method.

#aaa authentication login default line enable

so as long as I have:

#line vty 0 4

#password cisco

 If I ssh and provide the correct password, I should be able to get authenticated, but why would this fail if I miss global command: enable password ....  in my config?

Thanks

 

 

4 Replies 4

D@1984 

I dont think this command "#aaa authentication login default line enable" exist. 

And I dont think enable is fallback for line vty.

 

" If I ssh and provide the correct password, I should be able to get authenticated, but why would this fail if I miss global command: enable password ....  in my config?"

If you provide the correct password you might be able to login in user mode. And, if have not  set the enable password and you try to move to enable, you will get the following message

% No password set.

 

 

 

thanks, the command does exist. and I know we get the error but what I'm trying to understand is  it asks for a password while for example I ssh to the device, I have to put the password which is configured under vty line but then why do I need the 'enable password' command. 

It Will depend on How you set the aaa 

The enable password Will be used to elevate privilege with the command enable.

If you do not set the user privilege as 15, you need to use enable to enter in privilege mode

 

Hello


D@1984 wrote:

#aaa authentication login default line enable


If AAA is used as above then the user will gain access to only user exec mode of the rtr via the set line vty password, no further access into privilege exec mode will be granted unless the enable secret/password has be set also.

However IF no line password isnt set then access will failover to whatever password is set for the enable secret/password feature, this then again can be also used to gain access into privilege exec mode


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul