06-14-2009 10:12 PM - edited 03-06-2019 06:15 AM
Hi,
With the user admin, I deleted the enable secret from the configuration and did not add a new one and exited.
Now I can log in with admin user but upon doing 'enable' I get 'Error in Authentication'.
enable secret is still visible in the startup-config as I did not save the configs.
How can I activate the enable mode (Level 15) without doing any reboot etc.
I can however, get into the enable (Level 7) mode but unfortunately, 'config t' is restricted on Level 7.
Please assist.
Thanks a lot.
06-14-2009 10:31 PM
Hi
Do u have solarwinds u can modufy the config using SNMP string.
Thanks
Mahmood
06-14-2009 10:35 PM
Yes. I do have SolarWinds. How can I modify the config/add the enable secret via SNMP from SolarWinds.
SNMP is configured for Read-Only string though.
Thanks
06-14-2009 10:53 PM
Hi
U can configure using the config viewer utility but as u said u have only read only string then its not going to work.
R u not able to access the device even if connected from console..?
Thanks
Mahmood
06-14-2009 10:58 PM
Currently, I can only ssh over IP network.
I will have to travel to the physical site for console access which is not at all a problem.
Would'nt the enable (Level 15) be restricted on console as well.
Thanks.
06-15-2009 05:18 AM
If you are using a TACACS+ server, you can assign privileges to Level 7 from the server itself so you can get into the configuration mode and make the necessary changes. Once the changes are made, you can revert the privileges on the server.
If you aren't using a TACACS+ server, the only suggestion is to reload. You can schedule a reload from the switch.
The console won't provide any additional access on this case.
__
Edison.
06-15-2009 06:34 AM
Hi,
We are not using TACACS+ server. I tried from the console and it didn't ask for the enable password. And hence I was able to do the required changes.
Does removing all enable secrets from the configuration and removes the need to put in the enable password from the console.
Regards.
06-15-2009 06:39 AM
Yes, you can have either enable secret, enable password or both in the configuration.
It seems you were able to gain access from the console without a password prompt because you have 'no login' under line con 0.
http://www.cisco.com/en/US/docs/ios/termserv/command/reference/tsv_a1.html#wp1030077
On this case, it helped you solve the problem but it's not recommended to have this command in the config as it violates a security practice to secure the console.
__
Edison.
06-15-2009 09:49 PM
Hi,
I checked the config and the line console 0 does not have 'no login' configuration.
What could be the other reason for enable to work without password.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide