Second level authentication.
Hi Stefan, I read the document and thanks for giving the link, that was helpful. Well I think i put my question in a wrong way. Let me put it in a different way. I dont want the user to go directly in priv mode. through priv level = 15 we direclty get into priv level right. what i am looking for is first the user get into user level and then with another password in level 2. (not with enable password)..it should be through RADIUS server. Ashish
You want a shell user to get to privilege mode without typing "enable"and knowing enable password? I am quite certain that Cisco spent many years making sure that's impossible. If you find a way to do that you can blackmail them for a hell of a lot of money. Ivan Kalik Kalik Informatika ISP Dana 19/7/2007, "ashish verma" <ashish.scit@gmail.com> piše:
Hi Stefan,
I read the document and thanks for giving the link, that was helpful.
Well I think i put my question in a wrong way. Let me put it in a different way.
I dont want the user to go directly in priv mode. through priv level = 15 we direclty get into priv level right.
what i am looking for is first the user get into user level and then with another password in level 2. (not with enable password)..it should be through RADIUS server.
Ashish
Hi,
You want a shell user to get to privilege mode without typing "enable"and knowing enable password? I am quite certain that Cisco spent many years making sure that's impossible. If you find a way to do that you can blackmail them for a hell of a lot of money.
err, TACACS+ with priv_lvl 15 - they helped write that protocol alan
Hello, ashish! You wrote on Thu, 19 Jul 2007 22:21:30 +0530: av> I dont want the user to go directly in priv mode. av> through priv level = 15 we direclty get into priv level right. av> what i am looking for is first the user get into user level and av> then with av> another av> password in level 2. (not with enable password)..it should be av> through RADIUS av> server. What I can say for sure is that Cisco (router sofware v12.4) sends request for user '$enab15$' when you type 'enable' or 'enable 15'. If you type 'enable 2', it will send request for user '$enab2$', if you type 'enable 3' - '$enab3$' and so on. Of course you must have in Cisco config something like aaa authentication enable default group radius With best regards, Alexander V. Klepikov. E-mail: klepikov_a@up.ua
participants (5)
-
A.L.M.Buxey@lboro.ac.uk -
Alexander V. Klepikov -
ashish verma -
Claudiu Filip -
tnt@kalik.co.yu