Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

disabling enable?

Using new model aaa with local users on recent IOS, can I let a user do everything except run the "enable" command to enter privileged mode?

Then a read-only user would be unable to enable even if they knew the enable secret, and admins would need two passwords to change things.

Thanks.

Paul

1 ACCEPTED SOLUTION

Accepted Solutions

Re: disabling enable?

Paul,

Please check this link,

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml

Regards,

~JG

Do rate helpful posts

2 REPLIES

Re: disabling enable?

Paul,

Please check this link,

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml

Regards,

~JG

Do rate helpful posts

New Member

Re: disabling enable?

Thanks, JG. I may have learned something trying to apply the info:

Best I can tell, in the IOS security model, a user defined as privilege 15 is NOT at 15 when they first log in, but at 1. They must enter enable and reenter their password to reach 15. (True??)

So to "disable enable" I must

- create a user at priv 0

- add the show commands to priv 0

- and elevate "enable" to priv 1

I think.

97
Views
0
Helpful
2
Replies