Two different "enable secret level 15" for console-access?
We are using TACACS during normal operation, but we want to be able to have two console passwords for troubleshooting if connectivity is lost.
In many cases we are not onsite in case of an error, and in such a situation we want to give temporary access to another person (e.g. the customer's technician or any other technician of our enterprise who drives to the customer). This specific password will be changed afterwards, but we do not want to give this person our own console password, which is the same on all boxes; otherwise we would need to change our password every week on every box.
Is there any solution for having two different passwords with completely full authorization (full rights) without connectivity to a tacacs-server?
Re: Two different "enable secret level 15" for console-access?
This is also what I thought, but at the moment I have the problem that if I enter the following config commands I do not automatically enter privilege level 15 after the login. So the user still needs an enable password to get privilege level 15.
aaa authentication login console local
aaa authorization exec console local
username test privilege 15 password test
line con 0
 authorization exec console
 login authentication console
The user test still gets only privilege level 1 and not 15. So the user test still needs my enable secret password for level 15 commands, which is not what I wanted.