Enable password setting through ACS

Dec 20th, 2007

I have configured the switches and routers with ACS AAA policy. My commands are like this.

aaa new-model

tacacs-server host x.x.x.x key password

tacacs-server host x.x.x.x key password

aaa authentication login default group tacacs+ local

aaa authorization commands 15 default group tacacs+ local

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

With these commands, when I am telnetting to devices, ACS authentication happens instead of the telnet password, where the enable password is the same as the switch local password.

Here I want this kind of authentication, and it should also use whatever enable password I set for the user.

And also I want to restrict the users based on their enable password.

The password change policy should be reflected in this enable password.

Please, can anyone help me with this?

I may have confused you with all of my questions in a single message, but I want this kind of policy to be set for my company.

Hope experts reply soon.

Thanks to all in advance.

royalblues Thu, 12/20/2007 - 06:37

Have a look at the attached document to configure shell command authorization, which should help you configure restrictions based on their credentials.



psureshrao Thu, 12/20/2007 - 08:00

Thanks for your reply, I will check and get back to you.

psureshrao Fri, 12/21/2007 - 05:40

Here I want the enable password for switches and routers to be whatever I configured in the user settings in the ACS server user database.

I don't find any information regarding this in the attached document. Can you give me an idea?

As far as I know there should be a command

aaa authentication enable group tacacs+ local

Please help me in this regard.

strykerb41 Wed, 01/02/2008 - 09:01

These are the two commands you are looking for.

aaa authentication login default group tacacs+

aaa authorization exec default group tacacs+ none
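
The configuration from the first post with an enable method list added, as an illustration that is not part of any participant's reply. The server address stays masked as in the thread, `<shared-key>` is a placeholder, and it assumes each ACS user has a TACACS+ enable password defined on the server.

```text
! Added example, not taken from the thread.
aaa new-model
tacacs-server host x.x.x.x key <shared-key>
!
! Login: ask TACACS+ first; the local user database is used only
! when no TACACS+ server responds, not when the server rejects.
aaa authentication login default group tacacs+ local
!
! Enable: with no "aaa authentication enable" list, IOS checks only
! the enable password configured on the device, which is why the
! original configuration still prompts for the switch's own enable
! password. This list sends the enable prompt to TACACS+ instead.
! The trailing "enable" keyword falls back to the device's enable
! password only if no server responds.
aaa authentication enable default group tacacs+ enable
!
! Authorization and accounting as in the original post.
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
```

Keep a strong local enable secret configured on every device, since it is what the fallback uses when the servers are unreachable.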

