2911 Voice Gateway enable password

I have a 2911 voice gateway router and when anyone logs in the get right on through to the en prompt. How do i force an enable password? this is through ssh I can login and get to # prompt. this is probably easy I just have never seen this before. thanks for the help

 login local
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 privilege level 15
 password 7 110A1016141D
 login local
 transport input ssh
line vty 5 15
 privilege level 15
 login local
 transport input ssh
cj_cbAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Otto_NCommented:
Just set the privilege level on the vty lines to 1.  You can even use level 0 for a much more restrictive command set.

conf t
line vty 0 15
 privilege level 1
aleghartCommented:
What do you mean by "login"?

You already have all 16 VTYs (0-4 and 5-15) configured as 'login local'.

This means that SSH will look to the running configuration for a username and password.  Your privilege levels are set there per user.

But...you're not showing us the 'username' lines.  Try:

sh run | i username 

Open in new window


Your local users are allowed to see only commands that have a privilege level less than or equal to their current privilege level.

When you use individual username/pwd logins, there is only the priv level you have configured.  There aren't two modes like when you have a single shared password/secret.

If you want a login + enable password, you must remove the 'login local'.  Once it's there, the password and enable password will be ignored.


Keep in mind this is a public forum.  Your password translates to 'cisco'.  If this was a production config, you need to strip out or obfuscate real-world data.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cj_cbAuthor Commented:
Thanks for the help
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSH / Telnet Software

From novice to tech pro — start learning today.