RE: Enabling Remotely

From: Chan, Echo (Echo.Chan@xxxxxxxxxx)
Date: Thu Oct 12 2000 - 22:37:24 GMT-3


   

aaa new-model
aaa authentication login default none
aaa authentication enable default none

Thanks!

-----Original Message-----
From: Justin Menga [mailto:Justin.Menga@computerland.co.nz]
Sent: Friday, October 13, 2000 7:44 AM
To: 'Brian Hescock'
Cc: 'ccielab@groupstudy.com'
Subject: RE: Enabling Remotely

WRONG!! - the Cisco IOS has 15 privilege levels. By default, exec mode has
a level of 1 and enable mode a level of 15 (access to all commands).

The default privilege level for a VTY session is 1. By specifying privilege
level 15 under the line configuration, you are giving those VTY sessions
effectively enable mode, as soon as they open the VTY session.

Also, you don't need to have an enable password/secret. The Setup prompts
convey the impression that you do, but if you start with a blank
configuration, no passwords are configured at all.

-----Original Message-----
From: Brian Hescock [mailto:bhescock@cisco.com]
Sent: Friday, 13 October 2000 8:58 a.m.
To: Justin Menga
Cc: 'Jack Heney'; 'ccielab@groupstudy.com'
Subject: RE: Enabling Remotely

You would have to at least have the enable or enable secret password set
(which I believe your question asked how to do it without any
passwords). You cannot get into enable mode when telnetting in without
having an enable or enable secret password, it's a security feature.

Brian

On Fri, 13 Oct 2000, Justin Menga wrote:

> Use the following:
>
> line vty 0 4
> no login
> no password
> privilege level 15
> exec-timeout 120
>
> The above means you don't need to login or enter a password, and you will
> automatically get to enable mode. Also the session will timeout after 120
> minutes of idle time.
>
> Regards,
>
> Justin Menga MCSE+I CCNP CCSE ASE
> WAN Specialist
> Computerland New Zealand
> PO Box 3631, Auckland
> DDI: (+64) 9 360 4864 Mobile: (+64) 25 349 599
> mailto: justin.menga@computerland.co.nz
>
>
> -----Original Message-----
> From: Jack Heney [mailto:jheneyccie@hotmail.com]
> Sent: Friday, 13 October 2000 8:03 a.m.
> To: ccielab@groupstudy.com
> Subject: Enabling Remotely
>
>
> Kind of a silly question.... Is there a way to allow telnet access without
> requiring any passwords (either line or enable)? Having to enable and enter
> a password every time I jump from router to router from my terminal server
> has started to get under my skin (I think this is an indication that I spend
> too much time in my lab). I'm at the point where I'm configuring my routers
> with one-letter enable passwords, but typing that one extra character
> (plus the extra carriage return) every time will be enough to push my
> ever-worsening carpal tunnel syndrome to the near-fatal level. Thanks,
> Jack
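
Added example, not part of the original thread: a small audit check that flags the lab shortcuts posted above (`no login` and `privilege level 15` on the VTY lines, AAA method `none`) if they turn up in a saved configuration. The function name, the sample text and the 10-minute idle threshold are assumptions, and sub-commands are assumed to be indented under their `line` stanza as in `show running-config` output.

```python
import re

# Constructed sample: the two lab configurations posted in this thread, combined.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default none
aaa authentication enable default none
!
line vty 0 4
 no login
 no password
 privilege level 15
 exec-timeout 120
!
"""

IDLE_MAX_MIN = 10  # assumed audit threshold, in minutes

def audit_ios_config(text):
    """Return (context, finding) tuples for passwordless remote access."""
    findings = []
    section = None  # current "line ..." stanza, or None in global config
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():  # global command or start of a new stanza
            section = line if line.startswith("line ") else None
            m = re.fullmatch(r"aaa authentication (login|enable) default none", line)
            if m:
                findings.append(("global", f"AAA {m.group(1)} authentication disabled"))
            continue
        if section is None or not section.startswith("line vty"):
            continue
        if line == "no login":
            findings.append((section, "no login authentication on remote sessions"))
        m = re.fullmatch(r"privilege level (\d+)", line)
        if m and int(m.group(1)) == 15:
            findings.append((section, "sessions start at privilege level 15 (enable)"))
        m = re.fullmatch(r"exec-timeout (\d+)(?: (\d+))?", line)
        if m:
            minutes, seconds = int(m.group(1)), int(m.group(2) or 0)
            if minutes == 0 and seconds == 0:
                findings.append((section, "idle timeout disabled"))
            elif minutes > IDLE_MAX_MIN:
                findings.append((section, f"idle timeout of {minutes} minutes"))
    return findings

if __name__ == "__main__":
    for ctx, msg in audit_ios_config(SAMPLE_CONFIG):
        print(f"[{ctx}] {msg}")
```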


