Not asking for enable password

Answered Question
Jun 17th, 2008

Hi,,,

I have 1800 cisco router. i have already set enable secret password for the router but while i access the router. it doesnt ask me for enable password and directly goes to privileged mode.

I have this problem too.
0 votes
Correct Answer by Joseph W. Doherty about 8 years 5 months ago

It's because of the "privilege level 15" within the VTY configs.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Pravin Phadte Tue, 06/17/2008 - 02:39

Hi,

Can you paste the config for the password setting and line vty output.

Regards

Pravin

chiragvyas_50 Tue, 06/17/2008 - 03:39

Hi,,,,,

Pravin, Pls find below my config file...

RLI_Veraval#sh run

Building configuration...

Current configuration : 2170 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname RLI_Veraval

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

enable secret xxx

!

no aaa new-model

!

resource policy

!

ip cef

!

!

!

!

ip domain name yourdomain.com

username cisco privilege 15 secret xxx

!

!

!

interface Loopback0

ip address 97.x.x.171 255.255.255.255

!

interface FastEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$

ip address 10.129.225.193 255.255.255.192

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface BRI0/0/0

no ip address

encapsulation hdlc

shutdown

!

interface Serial0/1/0

ip address 97.x.x.181 255.255.255.252

encapsulation ppp

!

interface Serial0/1/1

no ip address

shutdown

clock rate 2000000

!

ip route 0.0.0.0 0.0.0.0 97.11.9.182

!

ip http server

ip http access-class 23

ip http authentication local

ip http timeout-policy idle 60 life 86400 requests 10000

!

!

control-plane

!

banner login ^C

-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device.

This feature requires the one-time use of the username "cisco"

with the password "cisco". The default username and password have a privilege le

vel of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.

Here are the Cisco IOS commands.

username privilege 15 secret 0

no username cisco

Replace and with the username and password you want to use

.

For more information about SDM please follow the instructions in the QUICK START

GUIDE for your router or go to http://www.cisco.com/go/sdm

-----------------------------------------------------------------------

^C

!

line con 0

password cisco

login

line aux 0

line vty 0 4

privilege level 15

password cisco

login

transport input telnet

line vty 5 15

privilege level 15

password cisco

login

transport input telnet

!

scheduler allocate 20000 1000

end

RLI_Veraval#

Joseph W. Doherty Tue, 06/17/2008 - 03:02

A couple of ways this could be happening, is there a "priviledge 15" within the VTY? Or, are you using AAA with RADIUS or TACACS which is putting the logon into enabled state?

Pravin Phadte Tue, 06/17/2008 - 04:05

Joseph Is correct.

remove the vty 0 4 privilege level 15 and

line vty 5 15 privilege level 15.

regards,

pravin

Actions

This Discussion