04-08-2008 04:39 AM - edited 03-10-2019 03:46 PM
Hi,
I'm trying to authenticate the CLI Access by using enable passwords (or secret, as you prefer). I'm not trying to do that for fun, but only because I had this during my CCIE exam...
By default, on the router, I had only one enable secret. The question was : "Add a privilege 5 secret "cisco5" and configure your router in a sort that, from the password you are typing, you are entering a different privilege level".
I've tried many configurations (including : aaa authentication default enable, aaa authentication enable default enable) and I don't know how to do that without creating local users.
My problem is not to allocate commands or rights to different privilege levels but really to allocate privilege level to a user who is only using an enable secret to authenticate.
If you have any suggestions...
Thanks.
--
Pierre-Louis
04-09-2008 02:41 AM
You just specify in the enable secret line?
SW10(config)#enable secret ?
0 Specifies an UNENCRYPTED password will follow
5 Specifies an ENCRYPTED secret will follow
LINE The UNENCRYPTED (cleartext) 'enable' secret
level Set exec level password
04-09-2008 05:37 AM
Hi,
Yes you could be right (and you are...), but you should type enable 5 to access privilege level 5. And unfortunately, your advice could be a good idea if the question did not mention a direct access to level 5 privilege... From the question I had, I think that there is a way to give privilege level to users when they authenticate on vty lines with enable secret.
But how ? That is the question...
Thank you.
Regards,
Pierre-Louis
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: