catalyst 9300\24 Unique admin secrets and enable passwords

egr1985
Level 1

Is there a way for each admin account to have its own unique secret to log into the switch, and also a unique enable password to enter privileged EXEC mode?

As of now we have a few username accounts with their own unique secrets to log on, but we all share the same enable password.

Thanks for the help.


4 Replies (the first reply below was marked as the accepted solution)

@egr1985 

You cannot have multiple enable passwords.

What you should actually do is add a TACACS server to your network to overcome this limitation and security issue.

If all those users are good to go into privilege 15 mode, then what you can do is configure the command "privilege level 15" under all the VTY lines. This will take the authenticated user directly to privilege 15 without having to type enable.

Alternatively, if only some of them would be allowed into privilege 15, then you can rely on the rotary feature, which allows you to specify a rotary ID alongside a port for the VTY lines. Example:

! SSH sessions arriving on TCP port 2001 are placed on the VTY lines in rotary group 1
ip ssh port 2001 rotary 1

! Lines 5-15 belong to rotary group 1 and start the EXEC session at privilege 15
line vty 5 15
   rotary 1
   privilege level 15

In that case the users that would go into privilege 15 directly would need to use port 2001 to SSH into the device. If a user doesn't specify port 2001, they will be taken to VTY lines 0 to 4, where they have to type enable before they go into privilege level 15.
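A fuller configuration for both approaches in the reply above (the rotary group on a second SSH port, and the TACACS+ alternative), as an added example that is not part of the original thread. The usernames, secrets, the TACACS+ server address (192.0.2.10, from the documentation address range) and the shared key are placeholders; the server name TACACS-1 and group name ADMIN-TACACS are arbitrary names chosen here.

```ios
! ===== Common: one local account per admin, each with its own login secret =====
username alice secret Alice-Unique-Secret-Placeholder
username bob   secret Bob-Unique-Secret-Placeholder
! The enable secret is still a single shared value; IOS has no per-user enable secret.
enable secret Shared-Enable-Secret-Placeholder
ip ssh version 2

! ===== Option 1: rotary group on TCP/2001 for the admins who may skip "enable" =====
! SSH to port 2001 is mapped to the VTY lines that carry "rotary 1".
ip ssh port 2001 rotary 1

! Lines 0-4 answer on the normal SSH port 22: users land at privilege 1 and must type enable.
line vty 0 4
 login local
 transport input ssh
! Lines 5-15 answer on port 2001: the EXEC session starts at privilege 15.
line vty 5 15
 rotary 1
 privilege level 15
 login local
 transport input ssh

! ===== Option 2: TACACS+ decides login, privilege level and enable per user =====
aaa new-model
tacacs server TACACS-1
 address ipv4 192.0.2.10
 key Shared-TACACS-Key-Placeholder
aaa group server tacacs+ ADMIN-TACACS
 server name TACACS-1
! Login and enable are answered by the server per user; local/enable are the fallback
! methods so the switch stays reachable if the server is unavailable.
aaa authentication login default group ADMIN-TACACS local
aaa authentication enable default group ADMIN-TACACS enable
! The server's shell profile sets the privilege level each user lands in after login.
aaa authorization exec default group ADMIN-TACACS local if-authenticated
aaa authorization commands 15 default group ADMIN-TACACS local
! Per-user audit trail of sessions and level-15 commands.
aaa accounting exec default start-stop group ADMIN-TACACS
aaa accounting commands 15 default start-stop group ADMIN-TACACS
```

Two caveats on option 1: the rotary selects the line by the TCP port the client connected to, not by who the user is, so any account that authenticates on port 2001 starts at privilege 15 and the only control is the login credential itself; and the shared enable secret still exists for the users on lines 0 to 4, so the original concern in the question is only sidestepped, not removed. Option 2 is what removes it: the TACACS+ server can return a different privilege level for each user in its shell profile and, because enable authentication is also sent to the server, can validate enable per user rather than against one shared secret. After applying either option, `show privilege` in a new session confirms the level a user landed at, and `show users` shows which VTY line (and therefore which rotary group) the session was placed on.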

egr1985
Level 1

Thanks for the options. These will all be privileged users, so I will use your recommendation. Thank you.

You're welcome.
