
Directly enter Enable-Mode when authenticated

Hi there!

I want to enter Enable-Mode directly after logging in on the switch.

At the moment I've reduced my aaa config to a very basic setup:

------------------------------------

aaa group server tacacs+ TACSERV
 server 192.168.0.1
tacacs-server host 192.168.0.1 key some_key
username rescue_user secret rescue_passwd
aaa authentication login default group TACSERV local line
aaa authentication enable default group TACSERV enable line

------------------------------------

The reason why I want to go to level 15 is the following: if I want to authenticate "enable" via tacacs I have to define a user "$enable$" in the tacacs config. Now it is possible to login on the switch with username "$enable$".

So everyone could start a dictionary attack with username "$enable$".

How is it possible to go directly to enable mode after logging in?

Regards,

Fred

1 REPLY
Re: Directly enter Enable-Mode when authenticated

Fred

There are at least 2 ways to accomplish your desire to go directly to enable mode. You can configure under the vty lines privilege level 15. This will take you directly to enable mode when you authenticate on one of the vty lines. Or you can configure the access in TACACS. In this case you need authorization in addition to authentication in your aaa configuration.

HTH

Rick
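
The two options from the reply, written out as IOS configuration. This is an added example, not part of either post; the vty range 0 4 is an assumption, TACSERV and rescue_user are taken from the question, and the TACACS+ server is assumed to return priv-lvl=15 for the user's shell (exec) service.

```cisco
! Option 1: every session on these vty lines starts at privilege level 15,
! whichever login method authenticated it (TACACS+, local user or line password).
line vty 0 4
 privilege level 15
!
! Option 2: the privilege level is assigned per user by TACACS+ exec authorization.
! Users for whom the server returns priv-lvl=15 land in enable mode at login and
! never go through the separate enable authentication step.
aaa authorization exec default group TACSERV local
!
! When the TACACS+ server is unreachable, the "local" fallback authorizes against
! the local user database, so the rescue account must carry its level explicitly.
username rescue_user privilege 15 secret rescue_passwd
```

Option 1 grants level 15 to anything that can log in on those lines, while option 2 keeps the decision per user on the TACACS+ server.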
