No need for enable secret??

And that, despite having entered (and re-entered) it.

Anyone had that happen? Got a 3825 router that, once tacacs approved, goes directly to exec... no need to enter the enable password. From the console it is still mandatory, just not via telnet.

Not a biggie... just like to get it fixed. Preciate any thoughts.

Mike

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

dtlokee

The TACACS server is returning a privilege level (or there is one set on the VTY lines). The console may use a different TACACS group or none at all.

Humper

Take a look at your config

mikearama

dtlokee wrote:

(or there is one set on the VTY lines).

That was it.

The router came with the priv level set to 15 on the vty lines... I haven't seen that before. Once removed, secret required.

Thanks.

hectorjhrdz

cisco says:

Add Authorization

Adding authorization is optional.

By default, there are three command-levels on the router:

privilege level 0 which includes disable, enable, exit, help, and logout

privilege level 1 - normal level on a Telnet - prompt says router>

#privilege level 15 - enable level - prompt says router#

check out your aaa config

dtlokee

mikearama wrote:

dtlokee wrote:

(or there is one set on the VTY lines).

That was it.

The router came with the priv level set to 15 on the vty lines... I haven't seen that before. Once removed, secret required.

Thanks.

Somewhere along the way the documentation for SDM said oyu needed to add the "privilege level 15" command to the vty lines for SDM to work, I have seen this on a few brand new routers and I can only assume it was done so SDM would run (even though it's not needed).