Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
954
Views
15
Helpful
4
Replies

The Purpose of the Enable Password

Patrick McHenry
Level 3
Level 3

‎11-19-2012 04:37 AM - edited ‎03-07-2019 10:07 AM

Hi,

  

If all users that have acces to the network equipment will be given level 15, is there any reason to have an enable password?

Just seems like another step to authenticate - and if we are using the same passowrd for enable that we are for the login, I don't see the point.

Thanks, Pat.    

Labels:
0 Helpful
4 Replies 4

Reza Sharifi
Hall of Fame
Hall of Fame

‎11-19-2012 05:26 AM

Hi Pat,

Usually if you are using a user name and password than there is no need for enable password, but is you don't want to use a username, you can just use the enable password to login.  You can also have for example user name and password for your vty lines with one password and use just enable secret with a different password for console

HTH

Mohamed Sobair
Level 7
Level 7

‎11-19-2012 05:34 AM

If the username and password is granted Access to a Network Equipment with Level/15 , then they will not be prompted with the enable Password for Authentication.

Remember, by default Cisco devices granted user priveilege with Level/1  Access, the Enable Password Grant Users for Level/15  Access to the devices.  But, Once the Users are configured with Level/15 Access, there is indeed no need for Enable Password Authentication and Surely, they will not even be prompted for Enable Password.

Regards,

Mohamed

Patrick McHenry
Level 3
Level 3
In response to Mohamed Sobair

‎11-19-2012 06:02 AM

Thanks Mohamed,

Couple more questions:

My aaa config is below. How would I make the priviledge be 15 for users that login? If I am using the TACACS+ server to authenticate, will the priv level be configured there or on the network equipment?

Also, I tried to configure the username and password prompt but, it doesn't seem to work.I still get the login prompt.

What do I need to do to accomplish that?

Thank you again.

aaa new-model

!

!

aaa authentication password-prompt Password:

aaa authentication username-prompt Username:

aaa authentication login default group tacacs+ local

aaa authentication login con group tacacs+ local

aaa authentication enable default group tacacs+ enable

!

tacacs-server host 10.10.30.50 key 7 XXXXXXXXXXXXXXXX

line vty 0 4

length 0

transport input ssh

!

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to Patrick McHenry

‎11-19-2012 06:21 AM

Hi,

as you are using local database as fallback you must configure username/password on the device with privilege level 15:

user testuser privilege 15 secret mysecret and also on the tacacs server do the same.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card