Problem with usernames and enable passwords

Hello All,

   I am a bit confused with setting username passwords with enable passwords and accessing them by Telnet. If I create a username and password and try logging in through telnet I get a "password not set" error when trying to enter enable mode. When I add the privlege level 15 command I still can not log to enable mode using username and password. When I do set the enable secret password to he same as a username password I can get in. If I try to change the enable password to something different and log out and log in using Console or Telnet, the router doesn't take the enable new password. What is the proper way to set username and password with enable password and logging into Telnet. Is their something I am missing?
greenbeanx81Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

that1guy15Commented:
I think you need the "login local" command on your VTY line.

Check this guide out and see if it helps

http://www.petri.co.il/csc_how_to_configure_local_username_database_cisco_ios.htm

0
greenbeanx81Author Commented:
I have that line present in the configuration. Problem is the router asks for a enable password when one is not set and throws a "password not set" error when I do not have one.

0
that1guy15Commented:
Even though you provide a username and password you are still going to need to enter an enable password. Telnet i believe requires an enable password to be set.
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

greenbeanx81Author Commented:
got it. What is weird is another router that someone set up has a username and password and and enable password but by using privelege 15 in the line vty 0 4, they are able to go into enable mode without entering enable password when connecting though telnet. Any thoughts on this?  
0
that1guy15Commented:
Ok sorry so you are right. With user level 15 it should put you in enable mode when logging in with that user even if the users password is different than the enable secret password. Here is a basic config to use but it sould like that is what you are already using. can you post your config?

enable secret cisco
line vty 0 4
login local
password password
exit
username admin priv 15 password admin
username bob priv 7 password cisco
0
greenbeanx81Author Commented:
Do I really need a password in the line vty 0 4? As I understand it login local overrides that. so I if I specify a privilege level of 7 it will take me to the user exec. Here is my config

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SBCUP2P
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$StYK$rAbJjZ4tu8Cps.oZOa8w3.
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
!
username Admin secret 5 $1$kPEt$Vls84h0sTULj4vh3PAbhZ0
!
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 no snmp trap link-status
!
interface FastEthernet0/0.99
 encapsulation dot1Q 99
 ip address 10.28.5.1 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/0.172
 encapsulation dot1Q 172
 ip address 172.21.173.1 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/0.175
 encapsulation dot1Q 175
 ip address 10.100.7.2 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 description P2P connection to Torrance Branch
 ip address 192.168.1.1 255.255.255.252
 no fair-queue
 service-module t1 clock source internal
 service-module t1 timeslots 1-24
!
ip classless
!
ip http server
!
!
control-plane
!
!
line con 0
 logging synchronous
 login local
line aux 0
 logging synchronous
 login local
line vty 0 4
 privilege level 15
 logging synchronous
 login local
!
end
0
that1guy15Commented:
I see nothing wrong with your config :(
try removing and re adding the admin user

no username admin secret 0 password
username admin secret 0 password

see if that helps

if not instead of a secret user password just set up a privilage account
useradd admin priv 15 password password

see if that works
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
greenbeanx81Author Commented:
Thank you. once I used username  privilege 15 password  I was able to log into the router at enable
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.