08-06-2015 09:03 AM - edited 03-08-2019 01:16 AM
Hello,
I am configuring new access for Telnet. First, the switch asks me for a username and password, then it asks me again for the "enable password".
But I want it to enter directly without asking me for the "enable password".
Below is my config:
Building configuration...
Current configuration : 3385 bytes
!
! Last configuration change at 11:22:22 UTC Thu Aug 6 2015 by Toki
! NVRAM config last updated at 11:22:24 UTC Thu Aug 6 2015 by Toki
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
username admin password 0 admin
aaa new-model
!
!
aaa authentication login VTY-AAA group tacacs+ local
!
!
!
!
!
!
aaa session-id common
system mtu routing 1500
!
!
!
!
crypto pki trustpoint TP-self-signed-708314112
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-708314112
 revocation-check none
 rsakeypair TP-self-signed-708314112
!
!
crypto pki certificate chain TP-self-signed-708314112
 certificate self-signed 01
        quit
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0/1
 switchport access vlan 7
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
 description Trunk
 switchport mode trunk
 srr-queue bandwidth share 1 30 30 10
 priority-queue out
 mls qos trust dscp
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 110.10.119.5 255.255.255.0
!
ip http server
ip http secure-server
tacacs-server host 192.168.0.5 key verySecret
!
!
!
!
line con 0
line vty 0 4
 login authentication VTY-AAA
line vty 5 15
!
ntp server 192.168.0.2
end
Best Regards
08-07-2015 12:40 PM
When you log in via Telnet, it puts you in user mode; the only way to get to privileged exec mode is to have enable or enable secret set. Only access through a console without an enable password allows a user to move to privileged exec mode. It's an extra security mechanism.
That being said (with this current config), if you log in via a username other than admin and, because you're using Tacacs Plus, set that username to privilege level 15, it should log you in as privileged vs. user mode. For example, create username adminremote and set its privilege level to 15 in Tacacs. Though I would highly recommend that you go to SSH vs. Telnet for security reasons. Please let me know if this fixes it for you.
Regards,
Kevin
08-07-2015 01:16 PM
Hi,
You can go directly to enable mode by adding the command privilege level 15 within line vty context.
line vty 0 4
 [..]
 privilege level 15
!
Also see the forum question TACACS+ with cisco 3560 switch configuration question and note the caution regarding security.
Regards
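A small config audit tied to this thread, as an added example (not code from any poster or from Cisco): it parses a running-config and flags the cleartext credentials and the per-vty settings discussed above. The function names and the sample text are constructed for illustration, and it assumes a missing `transport input` line means Telnet is accepted, as on the switch in the thread.

```python
import re

# Constructed sample: excerpt of the running-config posted in this thread,
# plus the "privilege level 15" line suggested in the last reply.
SAMPLE = """\
enable password cisco
username admin password 0 admin
aaa new-model
aaa authentication login VTY-AAA group tacacs+ local
line con 0
line vty 0 4
 login authentication VTY-AAA
 privilege level 15
line vty 5 15
"""

def line_blocks(config):
    """Map each 'line ...' header to the list of its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level line ends the block
    return blocks

def audit(config):
    """Return (location, finding) tuples for the issues this thread touches on."""
    findings = []
    if re.search(r"^enable password ", config, re.M):
        findings.append(("global", "enable password is cleartext; prefer enable secret"))
    for user in re.findall(r"^username (\S+) password 0 ", config, re.M):
        findings.append(("global", f"user {user}: type 0 (cleartext) password"))
    for header, cmds in line_blocks(config).items():
        if not header.startswith("line vty"):
            continue
        if "privilege level 15" in cmds:
            findings.append((header, "all sessions start at privilege 15"))
        if not any(c.startswith("login authentication ") for c in cmds):
            findings.append((header, "no named login list; default AAA method list applies"))
        # Assumption: no 'transport input' line means Telnet is accepted,
        # as on the switch in this thread.
        transport = [c for c in cmds if c.startswith("transport input ")]
        if not transport or re.search(r"\b(telnet|all)\b", transport[-1]):
            findings.append((header, "Telnet accepted; restrict with transport input ssh"))
    return findings
```

Calling `audit(SAMPLE)` returns six findings: two global ones for the cleartext credentials and two for each vty range.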
 
					
				
				
			
		