08-09-2022 04:28 PM
I need to understand behaviour of that command
I beleive function of "enable super-user-password" is like cisco enable.
Anyone that know that password could become admin after enable
# enable super-user-password adminpwd
Let say I have user operator2 with priviledge 5
When he login using his password then type enable, he could become admin like issuing "conf t"
The problem was, when I try to disable that command using this
#no enable super-user-password
Error - delete other passwords first, delete super-user password last
then I did
need to delete in order
#no enable read-only-password
#no enable port-config-password
#no enable super-user-password
After that any user in that switch including admin can't enable anymore using their own passowrd or "super-user-password" password
?
1. what's the correct procedure to disable "super-user-password"
2. in what scenario I need to use it because anybody could become admin
tq
Solved! Go to Solution.
08-09-2022 07:35 PM
I'm not 100% sure of what you are seeing on the CLI there, but if you remove all three of those 'enable' commands, you simply will not have a default check when you type enable. I should note that this type of check is deprecated in 9.x and we now advise to use aaa lists to secure enable. If you are seeing something unexpected or need help configuring further, please feel free to open a case (see my signature).