Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Enable secret

I am a newbie, having just recently acquired my CCNA. I have a new 2811 that I am configuring and the login process is not working as I am used to seeing it work. During the initial setup of the router, I followed the instructions in the banner that indicated I should configure a user and password using the following command:

username router privilege 15 secret 5 password

The privilege keyword is not something I have seen before. I have since researched it and understand it but I think this command is getting in the way of the "standard" login procedure I am used to seeing; in other words, entering a console or vty password followed by using the "enable" command and entering the enable password to get into privileged mode. As it stands now, I can telnet to the router, enter the username and password and get right into privileged mode. I can't decide if this is a security issue or not. The password that is associated with this login method is encrypted just like the enable password I am used to so it seems as though it should be OK. I also configured vty and console passwords on this router but I am now wondering if they are necessary. Will this "privileged" command suffice for both vty and console access? Can anybody shed any light on this for me?

Thank you.

Dan Harris

2 REPLIES

Re: Enable secret

Dan, if you enter the privilege 15 command this will take you directly to the enabled mode. This is the 'expected' behavior. If you don't want this to happen, change it to:

no username router privilege 15 secret 5 password

username router secret 5 password

Making CLI users login 'directly' into the enable/privileged mode is considered 'less' secure. But that is relative to your security policy and usability requirements. However you will required a privilege 15 user if you plan to user the web-interface to manage the box.

Regards

Farrukh

New Member

Re: Enable secret

Farrukh,

Thanks for the help.

Dan Harris

327
Views
10
Helpful
2
Replies