Solved: Re: How to prompt to use a login password then enable password

CiscoBrownBelt · ‎02-15-2018

Anyone know how to configure a switch/router so if I login locally I must enter one password to login then another to enter privileged mode?

Reza Sharifi · ‎02-15-2018

A second password can be used for getting to enable mode:

In config mode:

enable secret [level level] {password | [encryption-type] encrypted-password}

HTH

View solution in original post

Richard Burts · ‎03-07-2018

Thanks for the update letting us know that you have resolved the issue by re-doing the user IDs in the configs.

HTH

Rick

HTH

Rick

View solution in original post

Reza Sharifi · ‎02-15-2018

A second password can be used for getting to enable mode:

In config mode:

enable secret [level level] {password | [encryption-type] encrypted-password}

HTH

CiscoBrownBelt · ‎03-07-2018

I configured enable secret level 5 like what you said and it still would not work. Even tried not entering level number.

So here are my configs (I am giving example of password I want to work):

aaa authentication login default group tacacs+ local line enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+

username administrator level 15 secret PPPPPP

enable secret JJJJJJJ

Richard Burts · ‎03-07-2018

To answer this question we need to see more of the configuration. In particular I am looking to see whether the line vty configuration might specify privilege-level.

HTH

Rick

HTH

Rick

CiscoBrownBelt · ‎03-07-2018

Sorry disregard I figured it out. There were too many other configs conflictin or something.

I removed password config from line vty.

Removed and re-did local username accounts and now it works.

Richard Burts · ‎03-07-2018

Thanks for the update letting us know that you have resolved the issue by re-doing the user IDs in the configs.

HTH

Rick

HTH

Rick

CiscoBrownBelt · ‎03-08-2018

I appreciate all the help guys!

Richard Burts · ‎03-08-2018

You are very welcome. I am glad that our suggestions pointed you in the right direction. And even more glad that you were able to resolve your own problem (those are the best kind of discussions on the forum). Thanks for marking this discussion as solved. This will help other readers in the forum to identify discussions which have helpful information.

HTH

Rick

HTH

Rick

CiscoBrownBelt · ‎03-09-2018

Well looks like config is different on the Nexus 3500 series.
So I create the user and do the enable password config, but upon loggin in under user and I straight into priv mode and do not have to enter a password.

Reza Sharifi · ‎03-09-2018

The Nexus is little different. You need to enable the feature first:

feature privilege

enable secret 5 <password> priv 15

username test priv 15

HTH