ndalmolin_13

How can I prevent logging into privilege exec mode on a Cisco Switch

Hello Cisco Experts,

I have two Cisco switches (one a 3750 and one a 3650).  If I log into the 3750, I go into user mode.  I then have to issue the "enable" command and then provide the "enable" password to get to privilege mode.  This is the way I want it to be.

On the 3650, when I log in, I go directly to privilege mode.  On this switch, I don't have to provide the "enable" password to get to privilege mode.  

I want to change the configuration on the 3650 to require me to input the "enable" password to get to privilege mode.

On both switches, I have set up a local user.  I thought maybe the privilege levels may be different and thus controlled what level I logged in at, but that doesn't appear to be the case.  Below are the user setups for both switches:

3750:
username nickd privilege 15 secret 5 ********quR/Ml0Jrp8O**********.

3650:
username nickd privilege 15 secret 5 ********ZlH3/sdazSAN**********.

What configuration forces users to log in at user level?

Thanks,
Nick

Jan Bacher

Are you running aaa?

User level login is determined by the privilege level and aaa (if used).

Matt Minor

If I log into the 3750, I go into user mode.  I then have to issue the "enable" command and then provide the "enable" password to get to privilege mode.  This is the way I want it to be.
Log in to global config mode on the 3650 and issue:
# enable password [thepassword]
(This is a plain-text, unencrypted password that can be viewed easily by issuing a "show run" command.)

A more appropriate method is to use "enable secret [password]", which is at least encrypted and not viewable in plain-text in the running configuration.

Akinsd

On the 3650, when I log in, I go directly to privilege mode.  On this switch, I don't have to provide the "enable" password to get to privilege mode.  

This means you're logging in with usernames other than the generic Cisco login, which means the login local command is configured on your switches and the account you're logging in from has its privilege level set to 15.

Option 1
Disable the login local feature and use the default Cisco login, then set enable password as desired

Option 2
Create another user login and specify any level except for privilege level 15

Option 3
Downgrade the privilege level of the user account you're using from level 15
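
An added example, not part of any answer in this thread: a Python check that reads a running-config and reports the conditions the answers above name, a local user at privilege level 15 on lines using "login local", and an "enable password" in place of an "enable secret". The two sample configs are constructed placeholders (the "helpdesk" user is hypothetical), and AAA, raised in the first reply, is not modelled.

```python
import re

# Constructed sample configs (not the poster's switches); hashes are placeholders.
SAMPLE_3650 = """\
hostname sw3650
enable password PLACEHOLDER
username nickd privilege 15 secret 5 PLACEHOLDER_HASH
username helpdesk secret 5 PLACEHOLDER_HASH
line vty 0 4
 login local
"""
SAMPLE_FIXED = """\
hostname sw3650
enable secret 5 PLACEHOLDER_HASH
username nickd privilege 1 secret 5 PLACEHOLDER_HASH
line vty 0 4
 login local
"""

USER_RE = re.compile(r"^username[ \t]+(\S+)(?:[ \t]+privilege[ \t]+(\d+))?", re.M)

def audit(config: str) -> dict:
    """Collect the login-privilege facts from one running-config text."""
    users = {name: int(level) if level else 1  # no 'privilege' keyword means level 1
             for name, level in USER_RE.findall(config)}
    lines = [l.strip() for l in config.splitlines()]
    return {
        "direct_priv_users": sorted(u for u, lvl in users.items() if lvl == 15),
        "enable_secret": any(l.startswith("enable secret ") for l in lines),
        "plaintext_enable": any(l.startswith("enable password ") for l in lines),
        "login_local": any(l == "login local" for l in lines),
    }

def findings(config: str) -> list:
    """Turn the audit facts into human-readable findings (empty list = clean)."""
    r = audit(config)
    out = []
    if r["login_local"] and r["direct_priv_users"]:
        out.append("users who skip the enable prompt: " + ", ".join(r["direct_priv_users"]))
    if r["plaintext_enable"]:
        out.append("'enable password' in use; prefer 'enable secret'")
    if not r["enable_secret"]:
        out.append("no 'enable secret' configured")
    return out

if __name__ == "__main__":
    for label, cfg in (("constructed 3650-like", SAMPLE_3650), ("after Option 3", SAMPLE_FIXED)):
        print(label, "->", findings(cfg) or "no findings")
```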

ndalmolin_13

ASKER

Akinsd,

If I downgrade the privilege level to, say, 10, can I still make configuration changes if I provide the enable password? (I would lab this up if I had a spare switch, but I don't.  Sorry.)

Nick