Solved: Re: Not asking for enable password

chiragvyas_50 · ‎06-17-2008

Hi,,,

I have 1800 cisco router. i have already set enable secret password for the router but while i access the router. it doesnt ask me for enable password and directly goes to privileged mode.

Joseph W. Doherty · ‎06-17-2008

It's because of the "privilege level 15" within the VTY configs.

View solution in original post

Pravin Phadte · ‎06-17-2008

Hi,

Can you paste the config for the password setting and line vty output.

Regards

Pravin

chiragvyas_50 · ‎06-17-2008

Hi,,,,,

Pravin, Pls find below my config file...

RLI_Veraval#sh run

Building configuration...

Current configuration : 2170 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname RLI_Veraval

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

enable secret xxx

!

no aaa new-model

!

resource policy

!

ip cef

!

ip domain name yourdomain.com

username cisco privilege 15 secret xxx

!

interface Loopback0

ip address 97.x.x.171 255.255.255.255

!

interface FastEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$

ip address 10.129.225.193 255.255.255.192

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface BRI0/0/0

no ip address

encapsulation hdlc

shutdown

!

interface Serial0/1/0

ip address 97.x.x.181 255.255.255.252

encapsulation ppp

!

interface Serial0/1/1

no ip address

shutdown

clock rate 2000000

!

ip route 0.0.0.0 0.0.0.0 97.11.9.182

!

ip http server

ip http access-class 23

ip http authentication local

ip http timeout-policy idle 60 life 86400 requests 10000

!

control-plane

!

banner login ^C

-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device.

This feature requires the one-time use of the username "cisco"

with the password "cisco". The default username and password have a privilege le

vel of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.

Here are the Cisco IOS commands.

username privilege 15 secret 0

no username cisco

Replace and with the username and password you want to use

.

For more information about SDM please follow the instructions in the QUICK START

GUIDE for your router or go to http://www.cisco.com/go/sdm

-----------------------------------------------------------------------

^C

!

line con 0

password cisco

login

line aux 0

line vty 0 4

privilege level 15

password cisco

login

transport input telnet

line vty 5 15

privilege level 15

password cisco

login

transport input telnet

!

scheduler allocate 20000 1000

end

RLI_Veraval#

Joseph W. Doherty · ‎06-17-2008

It's because of the "privilege level 15" within the VTY configs.

Joseph W. Doherty · ‎06-17-2008

A couple of ways this could be happening, is there a "priviledge 15" within the VTY? Or, are you using AAA with RADIUS or TACACS which is putting the logon into enabled state?

Pravin Phadte · ‎06-17-2008

Joseph Is correct.

remove the vty 0 4 privilege level 15 and

line vty 5 15 privilege level 15.

regards,

pravin

joshcrr24 · ‎06-13-2018

Garcias, I saw that in the running config that was (not aaa new-model) just enable

[SW-01 (config) #aaa new-mode] and done.

veevekraj · ‎05-04-2017

If you need enable password prompt for vty 0 4(telnet) then config is as below:-

#enable pass cisco

#enable secret cisco1

#username admin pass admin

#username cisco privilege 5 pass cisco

#line vty 0 4

login local

privilege level 15

Telnet will ask for user and password. If you telnet through user admin then it will also ask for enable secret (not enable).

If you telnet with user cisco then it will not ask for enable password. So privilege level command in vty will not affect enable password.