Possible To Only Have To Enter Password 1 time?

Unanswered Question
Jul 12th, 2007

I have configured some of our network devices to authenticate to our TACACS server. Some of the network engineers have asked me to see if I can come up with a way that they don't have to type in their password twice on the network devices. I saw a different thread,


and I followed what was stated in their, however I still have to type in my password twice. I have made sure that they shell privilege level is set for 15. Anyone have any ideas?

Attached is the related router config.

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

tacacs-server host

tacacs-server host

tacacs-server key 7 <omitted>

Thanks for the help.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
somishra Thu, 07/12/2007 - 05:59

Remove the command -

aaa authentication enable default group tacacs+ enable

Hope this helps,


pugs17211721 Thu, 07/12/2007 - 06:45

If I do a

no aaa authentication enable default group tacacs+ enable

then when I try to sign in, I get NBOH-2940-001-IS>en


% Access denied

I have attached a screenshot of the ACS server.

parmsing Thu, 07/12/2007 - 06:50

First of all, if you have exec command and shell priv option checked you should be in # prompt, you should not be following in user> mode. Please send the following debugs when trying authentication.

-debug aaa authentication

-debug aaa authorization

-debug tacacs



Jagdeep Gambhir Thu, 07/12/2007 - 06:51

Hi ,

What is the IOS ver you have on the box. Please make sure that the attachment is from tacacs and not the other one.

Make sure that you are a part of that group on which changes has been made. Also check if you have anything set at user level ?



parmsing Thu, 07/12/2007 - 06:03


As you already have aaa authorization exec command in place, You only have to enable the privilev level field under Tacacs+ settings on group and mention 15 as privilege there and that should do it.

I have attached screen shoot for your reference.



Jagdeep Gambhir Thu, 07/12/2007 - 06:04


No need to do enable authentication.

Please take that out and it will work fine.




This Discussion