Showing results for 
Search instead for 
Did you mean: 
Join Customer Connection to register!
Patrick McHenry

The Purpose of the Enable Password



If all users that have acces to the network equipment will be given level 15, is there any reason to have an enable password?

Just seems like another step to authenticate - and if we are using the same passowrd for enable that we are for the login, I don't see the point.

Thanks, Pat.    

Reza Sharifi
Hall of Fame Expert

Hi Pat,

Usually if you are using a user name and password than there is no need for enable password, but is you don't want to use a username, you can just use the enable password to login.  You can also have for example user name and password for your vty lines with one password and use just enable secret with a different password for console


Mohamed Sobair
Rising star

If the username and password is granted Access to a Network Equipment with Level/15 , then they will not be prompted with the enable Password for Authentication.

Remember, by default Cisco devices granted user priveilege with Level/1  Access, the Enable Password Grant Users for Level/15  Access to the devices.  But, Once the Users are configured with Level/15 Access, there is indeed no need for Enable Password Authentication and Surely, they will not even be prompted for Enable Password.



Thanks Mohamed,

Couple more questions:

My aaa config is below. How would I make the priviledge be 15 for users that login? If I am using the TACACS+ server to authenticate, will the priv level be configured there or on the network equipment?

Also, I tried to configure the username and password prompt but, it doesn't seem to work.I still get the login prompt.

What do I need to do to accomplish that?

Thank you again.

aaa new-model



aaa authentication password-prompt Password:

aaa authentication username-prompt Username:

aaa authentication login default group tacacs+ local

aaa authentication login con group tacacs+ local

aaa authentication enable default group tacacs+ enable


tacacs-server host key 7 XXXXXXXXXXXXXXXX

line vty 0 4

length 0

transport input ssh



as you are using local database as fallback you must configure username/password on the device with privilege level 15:

user testuser privilege 15 secret mysecret and also on the tacacs server do the same.



Don't forget to rate helpful posts.

Don't forget to rate helpful posts.