Cisco router enable command

Hi Expert, I noticed the below enable command cannot enable router. If we want to enable router, we need to type this command "enable secret cisco" instead of the below one. Any expert can explain the reason ?

enable secret level 10 cisco  or
enable secret level 9 cisco or
...
eemoonAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jody LemoineNetwork ArchitectCommented:
In most configurations, only level 1 (unprivileged) and level 15 (privileged) commands are configured on the router. You can assign commands manually to the other levels and then use the commands above to assign secrets to access them. If you define a level such as 9 or 10, but don't assign any commands to this level, it will be indistinguishable from level 1 when you access it.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AkinsdNetwork AdministratorCommented:
I noticed the below enable command cannot enable router

You can't change the privilege level for the built in Cisco Admin account
Similar to Jody's comment there are 3 basic default levels configured > Non privileged "0" (User mode), low privileged mode "1" (similar to "0" ) and high privileged mode "15".
Privilege modes 2 to 14 behaves the same unless you modify the access levels.

To verify the levels
Create 4 user accounts as follows

Router(config)#username Fifteen privilege 15 secret cisco
Router(config)#username Ten privilege 10 secret cisco
Router(config)#username One privilege 1 secret cisco
Router(config)#username Zero privilege 0 secret cisco
Router(config)#line con 0
Router(config)#login local
Router(config)#exit
Router#exit

Now login with each user separately
Username: Zero
Password: cisco
Router>
Notice the prompt you have > That's the non-privileged mode zero = user level
Router>en
Further typing enable now takes you to privilege level 1 assuming no password is set for enable level
Exit and try User One

Username: One
Password: cisco
Router>en
Router#
Notice a similar pattern with zero

Username: Ten
Password: cisco
Router#
notice you're already in privileged mode
Type any other command eg show run, conf t
Router#show run
% Invalid input detected at '^' marker.

You'll get the same error
Your only option is to change the privilege level
Router#enable ?
  <0-15>  Enable level
  <cr>
Router#enable 15
Notice the options shown. Typing conf t or show run now works as desired
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#

Now log out and login as user Fifteen
Username: Fifteen
Password: cisco
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#
Notice that you're able to run commands

Explanation
Anytime you type "enable" at the user prompt, the device logs you in with the highest privilege which is 15
To use other privilege levels, you have to assign them to other users.
You can't change the privilege level of the default admin account using that command.
Jody LemoineNetwork ArchitectCommented:
Just a clarification on @akinsd's point. Setting up users with pre-assigned levels is a common way to associate authorization to authentication, but the built-in "enable" command also takes a level argument. The default for the "enable" command is to assign privilege level 15, but you can also issue an "enable 9" to access level 9 using the secret configured with the "enable secret level 9" configuration command. When you do this, only the secret assigned to level 9 will work and you will only have access to commands valid for level 9 users when you finish authentication.
eemoonAuthor Commented:
I typed the below two commands, but when user u9 login the router, it directly enter privilege mode. so the command "enable secret level 9  cisco " still do not have any effect.


username u9 privilege 9 cisco
enable secret level 9 cisco
eemoonAuthor Commented:
I found the answer: enable secret level 9 cisco function ----->enable 9
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.