This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

enable super-user-password

Go to solution
nbctcp
New Contributor III

‎08-09-2022 04:28 PM

I need to understand behaviour of that command

I beleive function of "enable super-user-password" is like cisco enable.
Anyone that know that password could become admin after enable

# enable super-user-password adminpwd
Let say I have user operator2 with priviledge 5
When he login using his password then type enable, he could become admin like issuing "conf t"


The problem was, when I try to disable that command using this

#no enable super-user-password
Error - delete other passwords first, delete super-user password last
then I did
need to delete in order
#no enable read-only-password
#no enable port-config-password
#no enable super-user-password

After that any user in that switch including admin can't enable anymore using their own passowrd or "super-user-password" password

?
1. what's the correct procedure to disable "super-user-password" 
2. in what scenario I need to use it because anybody could become admin
tq

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
BenBeck
Moderator
Moderator

‎08-09-2022 07:35 PM

I'm not 100% sure of what you are seeing on the CLI there, but if you remove all three of those 'enable' commands, you simply will not have a default check when you type enable. I should note that this type of check is deprecated in 9.x and we now advise to use aaa lists to secure enable. If you are seeing something unexpected or need help configuring further, please feel free to open a case (see my signature). 

 

Ben Beck, RCNA, RCNI, Principal Technical Support Engineer
support.ruckuswireless.com/contact-us

View solution in original post

0 Kudos
1 REPLY 1

Go to solution
BenBeck
Moderator
Moderator

‎08-09-2022 07:35 PM

I'm not 100% sure of what you are seeing on the CLI there, but if you remove all three of those 'enable' commands, you simply will not have a default check when you type enable. I should note that this type of check is deprecated in 9.x and we now advise to use aaa lists to secure enable. If you are seeing something unexpected or need help configuring further, please feel free to open a case (see my signature). 

 

Ben Beck, RCNA, RCNI, Principal Technical Support Engineer
support.ruckuswireless.com/contact-us
0 Kudos
Copyright © 2024 Khoros, LLC