I am a newbie, having just recently acquired my CCNA. I have a new 2811 that I am configuring and the login process is not working as I am used to seeing it work. During the initial setup of the router, I followed the instructions in the banner that indicated I should configure a user and password using the following command:
username router privilege 15 secret 5 password
The privilege keyword is not something I have seen before. I have since researched it and understand it but I think this command is getting in the way of the "standard" login procedure I am used to seeing; in other words, entering a console or vty password followed by using the "enable" command and entering the enable password to get into privileged mode. As it stands now, I can telnet to the router, enter the username and password and get right into privileged mode. I can't decide if this is a security issue or not. The password that is associated with this login method is encrypted just like the enable password I am used to so it seems as though it should be OK. I also configured vty and console passwords on this router but I am now wondering if they are necessary. Will this "privileged" command suffice for both vty and console access? Can anybody shed any light on this for me?
Dan, if you enter the privilege 15 command this will take you directly to the enabled mode. This is the 'expected' behavior. If you don't want this to happen, change it to:
no username router privilege 15 secret 5 password
username router secret 5 password
Making CLI users log in 'directly' into the enable/privileged mode is considered 'less' secure. But that is relative to your security policy and usability requirements. However, you will require a privilege 15 user if you plan to use the web interface to manage the box.
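Added example (not part of the thread, and not Cisco's code): a small Python check that reads an IOS configuration and reports which lines let a privilege 15 user reach privileged mode without "enable", and where a line password is left unused because the line authenticates with "login local". The sample configuration is constructed, its hash values are placeholders, and the check assumes "aaa new-model" is not configured.

```python
# SAMPLE_CONFIG is constructed for illustration; hash values are placeholders.
SAMPLE_CONFIG = """\
username router privilege 15 secret 5 <hash-placeholder>
username operator secret 5 <hash-placeholder>
line con 0
 password 7 <placeholder>
 login
line vty 0 4
 password 7 <placeholder>
 login local
"""

def parse(config):
    """Return ({user: privilege}, {line: {'auth': ..., 'password': bool}})."""
    users, lines, current = {}, {}, None
    for raw in config.splitlines():
        tokens = raw.split() or [""]                  # blank lines become a harmless token
        if raw.startswith("line "):
            current = " ".join(tokens)
            lines[current] = {"auth": None, "password": False}
        elif raw.startswith(" ") and current:
            if tokens == ["login", "local"]:
                lines[current]["auth"] = "local"      # local username database
            elif tokens == ["login"]:
                lines[current]["auth"] = "line"       # line password only
            elif tokens[0] == "password":
                lines[current]["password"] = True
        else:
            current = None
            if tokens[0] == "username" and len(tokens) > 1:
                opts = tokens[2:]                     # ignore everything from the secret onward
                cut = min((opts.index(k) for k in ("secret", "password") if k in opts), default=len(opts))
                opts = opts[:cut]
                level = 1                             # IOS default when 'privilege' is absent
                if "privilege" in opts[:-1]:
                    level = int(opts[opts.index("privilege") + 1])
                users[tokens[1]] = level
    return users, lines

def findings(config):
    users, lines = parse(config)
    direct = sorted(u for u, lvl in users.items() if lvl == 15)
    out = []
    for name, info in lines.items():
        if info["auth"] == "local" and direct:
            out.append(f"{name}: privilege 15 users skip 'enable': {', '.join(direct)}")
        if info["auth"] == "local" and info["password"]:
            out.append(f"{name}: line password is unused while 'login local' is set")
    return out
```

Running findings() on the sample flags the vty line twice; removing "privilege 15" from the user, as the reply suggests, leaves only the unused line password finding.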