Directly enter Enable-Mode when authenticated

Mar 13th, 2008

Hi there!


I want to enter Enable-Mode directly after logging in on the switch.

At the moment I've reduced my aaa config to a very basic setup:


------------------------------------

aaa group server tacacs+ TACSERV
 server 192.168.0.1

tacacs-server host 192.168.0.1 key some_key

username rescue_user secret rescue_passwd


aaa authentication login default group TACSERV local line

aaa authentication enable default group TACSERV enable line

------------------------------------


The reason why I want to go to level 15 is the following: if I want to authenticate "enable" via tacacs I have to define a user "$enable$" in the tacacs config. Now it is possible to log in on the switch with username "$enable$".

So everyone could start a dictionary attack with username "$enable$".


How is it possible to go directly to enable mode after logging in?


Regards,


Fred

Richard Burts Thu, 03/13/2008 - 05:47
Fred


There are at least 2 ways to accomplish your desire to go directly to enable mode. You can configure under the vty lines privilege level 15. This will take you directly to enable mode when you authenticate on one of the vty lines. Or you can configure the access in TACACS. In this case you need authorization in addition to authentication in your aaa configuration.


HTH


Rick
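
The two options described in the answer above, written out as an IOS configuration sketch (an added example, not part of the original thread). TACSERV and rescue_user come from the question; the vty range 0 4, the placeholder account name, and the tac_plus-style server profile shown in comments are assumptions.

```text
! Option 1: every session on these vty lines starts at privilege level 15.
! This applies to any user who passes login authentication on the line.
line vty 0 4
 privilege level 15
!
! Option 2: let TACACS+ assign the level per user through exec authorization.
! Login authentication stays as in the question; authorization is added.
aaa new-model
aaa authentication login default group TACSERV local line
aaa authorization exec default group TACSERV local
!
! The local fallback account (used when TACSERV does not respond) needs its
! own privilege level so the "local" authorization method grants level 15.
username rescue_user privilege 15 secret rescue_passwd
!
! Matching user profile on the TACACS+ server. Shown in tac_plus daemon
! syntax as an assumption; the thread does not name the server product.
! "fred" is a placeholder account name.
!
!   user = fred {
!       service = exec {
!           priv-lvl = 15
!       }
!   }
```

With option 1 the level is a property of the line, so it cannot distinguish between users; with option 2 only accounts whose server profile returns priv-lvl 15 start in enable mode.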
