11-19-2012 04:37 AM - edited 03-07-2019 10:07 AM
Hi,
If all users that have access to the network equipment will be given level 15, is there any reason to have an enable password?
Just seems like another step to authenticate - and if we are using the same password for enable that we are for the login, I don't see the point.
Thanks, Pat.
11-19-2012 05:26 AM
Hi Pat,
Usually if you are using a user name and password then there is no need for an enable password, but if you don't want to use a username, you can just use the enable password to log in. You can also have, for example, a user name and password for your vty lines with one password and use just enable secret with a different password for console.
HTH
11-19-2012 05:34 AM
If the username and password is granted access to the network equipment with Level/15, then they will not be prompted with the enable password for authentication.
Remember, by default Cisco devices grant users privilege Level/1 access; the enable password grants users Level/15 access to the devices. But once the users are configured with Level/15 access, there is indeed no need for enable password authentication, and surely they will not even be prompted for the enable password.
Regards,
Mohamed
11-19-2012 06:02 AM
Thanks Mohamed,
Couple more questions:
My aaa config is below. How would I make the privilege be 15 for users that log in? If I am using the TACACS+ server to authenticate, will the priv level be configured there or on the network equipment?
Also, I tried to configure the username and password prompt, but it doesn't seem to work. I still get the login prompt.
What do I need to do to accomplish that?
Thank you again.
aaa new-model
!
!
aaa authentication password-prompt Password:
aaa authentication username-prompt Username:
aaa authentication login default group tacacs+ local
aaa authentication login con group tacacs+ local
aaa authentication enable default group tacacs+ enable
!
tacacs-server host 10.10.30.50 key 7 XXXXXXXXXXXXXXXX
line vty 0 4
 length 0
 transport input ssh
!
11-19-2012 06:21 AM
Hi,
As you are using the local database as fallback, you must configure a username/password on the device with privilege level 15:
username testuser privilege 15 secret mysecret
and also do the same on the TACACS server.
Regards.
Alain
Don't forget to rate helpful posts.
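
An added example, not part of any post in this thread: a small Python check over an IOS configuration for the conditions discussed above. On IOS with aaa new-model, the privilege level from the TACACS+ server or from a local username is applied at login only through exec authorization, so the check looks for that line first. The function name and the sample configuration (built from the lines posted in the thread) are constructed for illustration.

```python
import re

# Constructed sample: AAA lines from the thread plus the local fallback user.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login con group tacacs+ local
aaa authentication enable default group tacacs+ enable
username testuser privilege 15 secret mysecret
line vty 0 4
 transport input ssh
"""

def audit_aaa(config):
    """Return findings explaining why a login may still land below level 15."""
    lines = [l.strip() for l in config.splitlines() if l.strip() not in ("", "!")]
    if "aaa new-model" not in lines:
        return ["aaa new-model is not enabled; AAA method lists are not in use"]
    findings = []
    # Authentication alone does not assign a privilege level; exec
    # authorization is what applies priv-lvl / 'privilege 15' at login.
    if not any(l.startswith("aaa authorization exec ") for l in lines):
        findings.append("no 'aaa authorization exec' method list: users start "
                        "at level 1 and must still use enable")
    # A login list that falls back to 'local' needs a local level-15 account.
    falls_back = any(re.match(r"aaa authentication login \S+ .*\blocal\b", l)
                     for l in lines)
    users = [l for l in lines if l.startswith("username ")]
    if falls_back and not any(re.search(r"\bprivilege 15\b", u) for u in users):
        findings.append("login falls back to local but no local username "
                        "has privilege 15")
    # A named list has no effect until a line references it.
    for name in re.findall(r"^aaa authentication login (\S+) ",
                           "\n".join(lines), re.M):
        if name != "default" and f"login authentication {name}" not in lines:
            findings.append(f"method list '{name}' is defined but not applied "
                            "to any line")
    return findings

if __name__ == "__main__":
    for finding in audit_aaa(SAMPLE_CONFIG):
        print("-", finding)
```
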