have 2 enable passwords?

Is it possible to have 2 different enable passwords on a Cisco switch? I have two different users that can log in but share the same enable password.

Reply to
nobody

Only if you use TACACS and have it set to use their own password for enable privileges (NT, etc). Without this, the enable or enable secret is the same for everyone.

Reply to
Trendkill

Reply to
nobody

username user1 priv 15 secret

username user2 priv 15 secret

Then enable login local

Reply to
Merv

No, you can have only ONE enable password configured on the switch. You are confusing authentication with authorization. Enable passwords are for authentication; what commands they can do once in is authorization. FWIW there is no privilege level 14. All commands are either privilege level 0, 1 or 15. If you want greater control of what commands can be executed and different enable passwords for each user, you have to use an AAA server. AAA stands for Authentication, Authorization and Accounting.

If you are using an AAA server, there really isn't any point in using or having different enable passwords. Each user has to log in with their own password first, so having a different enable password is like having to log in twice. Also, when using an AAA server, the only time that line and enable passwords configured on the switch should be used is when the AAA server is unavailable, either because of an AAA server failure or a network problem that doesn't allow connectivity to the AAA server. You ALWAYS need an alternative way to authenticate on a network device. If the network is down, you still need access to the router/switch to fix the problem.

Reply to
Thrill5

I don't think you can have different enable user/pwd. You can have different users with privilege 15.

Reply to
CK

nobody wrote:

Not as such, but you can achieve a similar effect by activating AAA and creating two different users with privilege level 15, like this:

aaa-server LOCAL protocol local

aaa authentication ssh console LOCAL

aaa authorization command LOCAL

username admin1 password verysecret privilege 15

username admin2 password evenmoresecret privilege 15

Then a user logging in as admin1 or admin2 with the corresponding password will have access to privileged commands without having to enter the "enable" command.

HTH T.

Reply to
Tilman Schmidt
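
An added example, not from any poster in this thread: a small Python audit of an IOS-style configuration that reports which local users land at privilege level 15 (as in the `username ... priv 15` replies) and whether the default AAA method lists keep an on-box fallback for when the AAA server is unreachable. The sample configurations are constructed, the hashes are placeholders, and only the `default` method list is checked.

```python
import re

# Constructed IOS-style samples; hashes are placeholders, not real secrets.
PER_USER = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
enable secret 5 $1$PLACEHOLDER
username user1 priv 15 secret 5 $1$PLACEHOLDER1
username user2 privilege 15 secret 5 $1$PLACEHOLDER2
"""
SHARED_ENABLE = """\
enable secret 5 $1$PLACEHOLDER
username user1 secret 5 $1$PLACEHOLDER1
username user2 secret 5 $1$PLACEHOLDER2
"""
NO_FALLBACK = """\
aaa new-model
aaa authentication login default group tacacs+
aaa authentication enable default group tacacs+
"""

USER_RE = re.compile(r"^username (\S+)(?: priv\S* (\d+))? (?:secret|password)\b")
AAA_RE = re.compile(r"^aaa authentication (login|enable) default (.+)$")
ON_BOX = {"local", "local-case", "enable", "line"}  # methods that need no server

def audit(config):
    """Report level-15 local users and gaps in the default AAA method lists."""
    users, methods, enable_secret = {}, {}, False
    for raw in config.splitlines():
        line = raw.strip()
        if m := USER_RE.match(line):
            users[m.group(1)] = int(m.group(2) or 1)  # IOS default level is 1
        elif m := AAA_RE.match(line):
            methods[m.group(1)] = m.group(2).split()
        elif line.startswith(("enable secret ", "enable password ")):
            enable_secret = True
    priv15 = sorted(u for u, lvl in users.items() if lvl == 15)
    findings = []
    for kind in ("login", "enable"):
        chain = methods.get(kind, [])
        if "group" in chain and not ON_BOX & set(chain):
            findings.append(f"{kind}: AAA server only, no on-box fallback")
    if "enable" in methods.get("enable", []) and not enable_secret:
        findings.append("enable: falls back to an enable secret that is not set")
    if enable_secret and not priv15 and "group" not in methods.get("enable", []):
        findings.append("level 15 is reached only via the shared enable secret")
    return {"priv15_users": priv15, "findings": findings}
```

Running `audit()` over a saved configuration shows at a glance whether administrators are individually accountable at level 15 or all depend on one shared enable secret.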

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.