How can I prevent logging into privilege exec mode on a Cisco Switch
Hello Cisco Experts,
I have two Cisco switches (one a 3750 and one a 3650). If I log into the 3750, I go into user mode. I then have to issue the "enable" command and the provide the "enable" password to get to privilege mode. This is the way I want it to be.
On the 3650, when I log in, I go directly to privilege mode. On this switch, I don't have to provide the "enable" password to get to privilege mode.
I want to change the configuration on the 3650 to require me to input the "enable" password to get to privilege mode.
On both switches, I have setup a local user. I though maybe the privilege levels may be different and thus controlled what level I logged in at, but that doesn't appear to be the case. Below are the user setups for both switches:
3750:
username nickd privilege 15 secret 5 ********quR/Ml0Jrp8O******
3650:
username nickd privilege 15 secret 5 ********ZlH3/sdazSAN******
What configuration forces users to log in at user level?
Thanks,
Nick
I have two Cisco switches (one a 3750 and one a 3650). If I log into the 3750, I go into user mode. I then have to issue the "enable" command and the provide the "enable" password to get to privilege mode. This is the way I want it to be.
On the 3650, when I log in, I go directly to privilege mode. On this switch, I don't have to provide the "enable" password to get to privilege mode.
I want to change the configuration on the 3650 to require me to input the "enable" password to get to privilege mode.
On both switches, I have setup a local user. I though maybe the privilege levels may be different and thus controlled what level I logged in at, but that doesn't appear to be the case. Below are the user setups for both switches:
3750:
username nickd privilege 15 secret 5 ********quR/Ml0Jrp8O******
3650:
username nickd privilege 15 secret 5 ********ZlH3/sdazSAN******
What configuration forces users to log in at user level?
Thanks,
Nick
Last Comment
If I log into the 3750, I go into user mode. I then have to issue the "enable" command and the provide the "enable" password to get to privilege mode. This is the way I want it to be.Log in to global config mode on the 3650 and issue:
# enable password [thepassword]
(this is a plain-text, unencrypted password that can be viewed easily by issuing a "show run" command. )
A more appropriate method is to use the "enable secret [password]" which is at least encrypted and not viewable in plain-text in the running configuration.
On the 3650, when I log in, I go directly to privilege mode. On this switch, I don't have to provide the "enable" password to get to privilege mode.
This means you're logging in with usernames other than the generic Cisco login, which means the login local command is configured on your switches and the account you're login in from has its privilege level set to 15
Option 1
Disable the login local feature and use the default Cisco login, then set enable password as desired
Option 2
Create another user login and specify any level except for privilege level 15
Option 3
Downgrade the privilege level of the user account you're using from level 15
ASKER
Akinsd,
If I downgrade the privilege level to say 10 can I still make configuration changes if I provide the enable password (I would lab this up if I had a spare switch, but I don't. Sorry.)
Nick
If I downgrade the privilege level to say 10 can I still make configuration changes if I provide the enable password (I would lab this up if I had a spare switch, but I don't. Sorry.)
Nick
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Switches / Hubs
A switch is a device that filters and forwards packets of data between LAN segments. Switches operate at the data link layer or the network layer of the Open Systems Interconnection (OSI) Reference Model and therefore support any packet protocol. LANs that use switches to join segments are called switched LANs or, in the case of Ethernet networks, switched Ethernet LANs. A hub is a connection point for devices in a network. Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports; when a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.
23K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
User level login is determined by the privilege level and aaa (if used).