No need for enable secret??

mikearama · December 2007

And that, despite having entered (and re-entered) it.

Anyone had that happen? Got a 3825 router that, once tacacs approved, goes directly to exec... no need to enter the enable password. From the console it is still mandatory, just not via telnet.

Not a biggie... just like to get it fixed. Preciate any thoughts.

Mike

dtlokee · December 2007

The TACACS server is returning a privilege level (or there is one set on the VTY lines). The console may use a different TACACS group or none at all.

Humper · December 2007

Take a look at your config

mikearama · December 2007

dtlokee wrote:

(or there is one set on the VTY lines).

That was it.

The router came with the priv level set to 15 on the vty lines... I haven't seen that before. Once removed, secret required.

Thanks.

hectorjhrdz · December 2007

cisco says:

Add Authorization

Adding authorization is optional.

By default, there are three command-levels on the router:

privilege level 0 which includes disable, enable, exit, help, and logout

privilege level 1 - normal level on a Telnet - prompt says router>

#privilege level 15 - enable level - prompt says router#

check out your aaa config

dtlokee · December 2007

mikearama wrote:

dtlokee wrote:

(or there is one set on the VTY lines).

That was it.

The router came with the priv level set to 15 on the vty lines... I haven't seen that before. Once removed, secret required.

Thanks.

Somewhere along the way the documentation for SDM said oyu needed to add the "privilege level 15" command to the vty lines for SDM to work, I have seen this on a few brand new routers and I can only assume it was done so SDM would run (even though it's not needed).

No need for enable secret??

Comments