06-28-2008 08:59 AM - edited 03-09-2019 08:59 PM
I am a newbie, having just recently acquired my CCNA. I have a new 2811 that I am configuring and the login process is not working as I am used to seeing it work. During the initial setup of the router, I followed the instructions in the banner that indicated I should configure a user and password using the following command:
username router privilege 15 secret 5 password
The privilege keyword is not something I have seen before. I have since researched it and understand it but I think this command is getting in the way of the "standard" login procedure I am used to seeing; in other words, entering a console or vty password followed by using the "enable" command and entering the enable password to get into privileged mode. As it stands now, I can telnet to the router, enter the username and password and get right into privileged mode. I can't decide if this is a security issue or not. The password that is associated with this login method is encrypted just like the enable password I am used to so it seems as though it should be OK. I also configured vty and console passwords on this router but I am now wondering if they are necessary. Will this "privileged" command suffice for both vty and console access? Can anybody shed any light on this for me?
Thank you.
Dan Harris
06-30-2008 11:58 PM
Dan, if you enter the privilege 15 command this will take you directly to the enabled mode. This is the 'expected' behavior. If you don't want this to happen, change it to:
no username router privilege 15 secret 5 password
username router secret 5 password
Making CLI users login 'directly' into the enable/privileged mode is considered 'less' secure. But that is relative to your security policy and usability requirements. However you will required a privilege 15 user if you plan to user the web-interface to manage the box.
Regards
Farrukh
07-02-2008 02:48 PM
Farrukh,
Thanks for the help.
Dan Harris
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide