Authentication with enable passwords and different privilege levels

Unanswered Question
Apr 8th, 2008
User Badges:

Hi,


I'm trying to authenticate the CLI Access by using enable passwords (or secret, as you prefer). I'm not trying to do that for fun, but only because I had this during my CCIE exam...


By default, on the router, I had only one enable secret. The question was : "Add a privilege 5 secret "cisco5" and configure your router in a sort that, from the password you are typing, you are entering a different privilege level".


I've tried many configurations (including : aaa authentication default enable, aaa authentication enable default enable) and I don't know how to do that without creating local users.


My problem is not to allocate commands or rights to different privilege levels but really to allocate privilege level to a user who is only using an enable secret to authenticate.


If you have any suggestions...


Thanks.

--

Pierre-Louis

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
stevek Wed, 04/09/2008 - 02:41
User Badges:

You just specify in the enable secret line?


SW10(config)#enable secret ?

0 Specifies an UNENCRYPTED password will follow

5 Specifies an ENCRYPTED secret will follow

LINE The UNENCRYPTED (cleartext) 'enable' secret

level Set exec level password


plgingembre Wed, 04/09/2008 - 05:37
User Badges:

Hi,


Yes you could be right (and you are...), but you should type enable 5 to access privilege level 5. And unfortunately, your advice could be a good idea if the question did not mention a direct access to level 5 privilege... From the question I had, I think that there is a way to give privilege level to users when they authenticate on vty lines with enable secret.


But how ? That is the question...


Thank you.

Regards,


Pierre-Louis

Actions

This Discussion