08-24-2010 05:54 AM - edited 03-06-2019 12:37 PM
Suppose you have a 2960 switch.
I have understood, but I am not so sure, these concepts:
1. In order to get "enable mode", there is only a password, the same password from console, telnet or SSH.
2. In order to login, there is, if you want, a different password from console, telnet or SSH.
3. If I use SSH, I can set different pairs username - password, in order to login too.
Is it true? Is it possible there are not different enable passwords?
Thanks.
08-24-2010 06:00 AM
Hello,
If you are using username/passwords for login and if you set different
privilege levels for each user, you can set different enable passwords
associated with those privilege levels.
enable password level
Hope this helps.
Regards,
NT
08-24-2010 06:11 AM
So, without different privilege levels, a concept that I do not know yet, I can
distinguish only the login passwords from console, telnet or SSH.
Thanks for the answer.
08-24-2010 07:50 PM
Hi,
You can set up several users with different privilege level.
1. create users with password and proper priv level
username admin priv 15 password cisco
username bob priv 1 password cisco
2. Enable local login under line
line vty 0 4
login local --> this will make telnet user to authenticate through local user database
line con 0
login local
3. User who telnet to router will have to type user name admin and password cisco to log on as admin and get priv level 15
More detail on priv level.
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml
privilege level 0 — Includes the disable, enable, exit, help, and logout commands.
privilege level 1 — Normal level on Telnet; includes all user-level commands at the router> prompt.
KK.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: