Not asking for enable password

Answered Question
Jun 17th, 2008
User Badges:

Hi,,,


I have 1800 cisco router. i have already set enable secret password for the router but while i access the router. it doesnt ask me for enable password and directly goes to privileged mode.

Correct Answer by Joseph W. Doherty about 9 years 1 week ago

It's because of the "privilege level 15" within the VTY configs.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Pravin Phadte Tue, 06/17/2008 - 02:39
User Badges:
  • Silver, 250 points or more

Hi,


Can you paste the config for the password setting and line vty output.


Regards

Pravin

chiragvyas_50 Tue, 06/17/2008 - 03:39
User Badges:

Hi,,,,,


Pravin, Pls find below my config file...


RLI_Veraval#sh run

Building configuration...


Current configuration : 2170 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname RLI_Veraval

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

enable secret xxx

!

no aaa new-model

!

resource policy

!

ip cef

!

!

!

!

ip domain name yourdomain.com

username cisco privilege 15 secret xxx

!

!

!

interface Loopback0

ip address 97.x.x.171 255.255.255.255

!

interface FastEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$

ip address 10.129.225.193 255.255.255.192

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface BRI0/0/0

no ip address

encapsulation hdlc

shutdown

!

interface Serial0/1/0

ip address 97.x.x.181 255.255.255.252

encapsulation ppp

!

interface Serial0/1/1

no ip address

shutdown

clock rate 2000000

!

ip route 0.0.0.0 0.0.0.0 97.11.9.182

!

ip http server

ip http access-class 23

ip http authentication local

ip http timeout-policy idle 60 life 86400 requests 10000

!

!

control-plane

!

banner login ^C

-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device.

This feature requires the one-time use of the username "cisco"

with the password "cisco". The default username and password have a privilege le

vel of 15.


Please change these publicly known initial credentials using SDM or the IOS CLI.


Here are the Cisco IOS commands.


username privilege 15 secret 0

no username cisco


Replace and with the username and password you want to use

.


For more information about SDM please follow the instructions in the QUICK START


GUIDE for your router or go to http://www.cisco.com/go/sdm

-----------------------------------------------------------------------

^C

!

line con 0

password cisco

login

line aux 0

line vty 0 4

privilege level 15

password cisco

login

transport input telnet

line vty 5 15

privilege level 15

password cisco

login

transport input telnet

!

scheduler allocate 20000 1000

end


RLI_Veraval#


Correct Answer
Joseph W. Doherty Tue, 06/17/2008 - 03:43
User Badges:
  • Super Bronze, 10000 points or more

It's because of the "privilege level 15" within the VTY configs.

Joseph W. Doherty Tue, 06/17/2008 - 03:02
User Badges:
  • Super Bronze, 10000 points or more

A couple of ways this could be happening, is there a "priviledge 15" within the VTY? Or, are you using AAA with RADIUS or TACACS which is putting the logon into enabled state?

Pravin Phadte Tue, 06/17/2008 - 04:05
User Badges:
  • Silver, 250 points or more

Joseph Is correct.


remove the vty 0 4 privilege level 15 and

line vty 5 15 privilege level 15.


regards,


pravin


veevekraj1 Thu, 05/04/2017 - 08:39
User Badges:

If you need enable password prompt fot vty 0 4(telnet) then config is as below:-


#enable pass cisco

#enable secret cisco1


#username admin pass admin

#username cisco privilege 5 pass cisco


#line vty 0 4

   login local

   privilege  level 15


Telnet will ask for user and password. If you telnet through user admin then it will also ask for enable secret (not enable).

If you telnet with user cisco then it will not ask for enable password. So privilege level command in vty will not affect enable password.


Actions

This Discussion