enable secret command
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-31-2024 11:56 AM
Hi,
If I understand correctly, in below command, we use the "line password" method for authentication and if it fails then try enable password as the second method.
#aaa authentication login default line enable
so as long as I have:
#line vty 0 4
#password cisco
If I ssh and provide the correct password, I should be able to get authenticated, but why would this fail if I miss global command: enable password .... in my config?
Thanks
- Labels:
-
Other Switching
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-31-2024 01:02 PM - edited 12-31-2024 01:03 PM
I dont think this command "#aaa authentication login default line enable" exist.
And I dont think enable is fallback for line vty.
" If I ssh and provide the correct password, I should be able to get authenticated, but why would this fail if I miss global command: enable password .... in my config?"
If you provide the correct password you might be able to login in user mode. And, if have not set the enable password and you try to move to enable, you will get the following message
% No password set.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-31-2024 03:34 PM
thanks, the command does exist. and I know we get the error but what I'm trying to understand is it asks for a password while for example I ssh to the device, I have to put the password which is configured under vty line but then why do I need the 'enable password' command.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-31-2024 04:27 PM - edited 12-31-2024 04:31 PM
It Will depend on How you set the aaa
The enable password Will be used to elevate privilege with the command enable.
If you do not set the user privilege as 15, you need to use enable to enter in privilege mode
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-01-2025 01:11 AM - edited 01-01-2025 03:33 AM
Hello
D@1984 wrote:#aaa authentication login default line enable
If AAA is used as above then the user will gain access to only user exec mode of the rtr via the set line vty password, no further access into privilege exec mode will be granted unless the enable secret/password has be set also.
However IF no line password isnt set then access will failover to whatever password is set for the enable secret/password feature, this then again can be also used to gain access into privilege exec mode
Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.
Kind Regards
Paul
