Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
413
Views
0
Helpful
1
Replies

Directly enter Enable-Mode when authenticated

fredfisch
Level 1
Level 1

‎03-13-2008 05:17 AM - edited ‎03-10-2019 03:43 PM

Hi there!

I want to enter Enable-Mode directly after loggin in on the switch.

At the moment I've reduced my aaa config to a very basic setup:

------------------------------------

aaa group server tacacs+ TACSERV

server192.168.0.1

tacacs-server host 192.168.0.1 key some_key

username rescue_user secret rescue_passwd

aaa authentication login default group TACSERV local line

aaa authentication enable default group TACSERV enable line

------------------------------------

The reason why I want to go to level 15 is the following: if I want to authenticate "enable" via tacacs I have to define a user "$enable$" in the tacacs config. Now it is possible to login on the switch with username "$enable$.

So everyone could start a dictionary attack with username "$enable$".

How is it possible to go directly to enable mode after logging in?

Regards,

Fred

Labels:
0 Helpful
1 Reply 1

Richard Burts
Hall of Fame
Hall of Fame

‎03-13-2008 05:47 AM

Fred

There are at least 2 ways to accomplish your desire to go directly to enable mode. You can configure under the vty lines privilege level 15. This will take you directly to enable mode when you authenticate on one of the vty lines. Or you can configure the access in TACACS. In this case you need authorization in addition to authentication in your aaa configuration.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents