Authentication with enable passwords and different privilege levels

Unanswered Question
Apr 8th, 2008
User Badges:


I'm trying to authenticate the CLI Access by using enable passwords (or secret, as you prefer). I'm not trying to do that for fun, but only because I had this during my CCIE exam...

By default, on the router, I had only one enable secret. The question was : "Add a privilege 5 secret "cisco5" and configure your router in a sort that, from the password you are typing, you are entering a different privilege level".

I've tried many configurations (including : aaa authentication default enable, aaa authentication enable default enable) and I don't know how to do that without creating local users.

My problem is not to allocate commands or rights to different privilege levels but really to allocate privilege level to a user who is only using an enable secret to authenticate.

If you have any suggestions...




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
stevek Wed, 04/09/2008 - 02:41
User Badges:

You just specify in the enable secret line?

SW10(config)#enable secret ?

0 Specifies an UNENCRYPTED password will follow

5 Specifies an ENCRYPTED secret will follow

LINE The UNENCRYPTED (cleartext) 'enable' secret

level Set exec level password

plgingembre Wed, 04/09/2008 - 05:37
User Badges:


Yes you could be right (and you are...), but you should type enable 5 to access privilege level 5. And unfortunately, your advice could be a good idea if the question did not mention a direct access to level 5 privilege... From the question I had, I think that there is a way to give privilege level to users when they authenticate on vty lines with enable secret.

But how ? That is the question...

Thank you.




This Discussion