03-04-2008 10:12 PM - edited 03-10-2019 03:41 PM
Dear Sir
I have an ACS and I have many switches in the network. I used to secure the telnet and
enable access to these switches with the TACACS+ authentication protocol, so the username and
password are taken from the ACS internal database. Also the enable password is taken from
the ACS. Today we changed from TACACS+ to RADIUS because we use the 802.1x framework on
the wired network. Dot1x authentication worked fine, and when you try to telnet to the
switch the username and password are taken, but the enable password is not taken from the
ACS. When I checked the configuration on the ACS under the user page, I found a checkmark to
use the enable password as the PAP password of the user, but this is only under the TACACS+
settings. How can I do this for RADIUS? This is my question. Please answer me ASAP. It is
urgent.
Thanks,
03-05-2008 06:04 AM
Enable authentication was meant to function with TACACS, and when used with RADIUS it does not perform the same. As a result, the only way for you to get enable authentication to work with RADIUS would be to input the username $enab15$ into your RADIUS server.
When using the RADIUS protocol for enable authentication on an IOS or CatOS based device, the router sends a request to the RADIUS server for the username you mention -- $enab15$.
Hope that helps!
Regards,
~JG
Do rate helpful posts
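An added example, not part of the thread and not Cisco code: it builds and parses a RADIUS Access-Request (RFC 2865 User-Name and User-Password attributes) to show that enable attempts made under the `$enab15$` username look identical to the server no matter which admin logged in. The admin names, shared secret and enable password are constructed values, and a real request would carry further attributes not modelled here.

```python
import hashlib
import os
import struct

ENABLE_USER = b"$enab15$"  # username the reply above says the device sends for enable

def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2 User-Password hiding for a non-empty PAP password."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden, secret, authenticator):
    """Server side: undo the hiding using the shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")

def build_access_request(user, password, secret, ident=1):
    """Code 1 (Access-Request) with attributes 1 (User-Name) and 2 (User-Password)."""
    auth = os.urandom(16)
    attrs = b""
    for atype, value in ((1, user), (2, hide_password(password, secret, auth))):
        attrs += struct.pack("!BB", atype, len(value) + 2) + value
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + auth + attrs

def parse_access_request(packet, secret):
    """Return (User-Name, cleartext password) as the RADIUS server recovers them."""
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    auth, pos, fields = packet[4:20], 20, {}
    while pos < length:
        atype, alen = packet[pos], packet[pos + 1]
        fields[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return fields[1], reveal_password(fields[2], secret, auth)

def enable_requests(admins, enable_password, secret):
    """What the server sees when each (constructed) admin types the enable password."""
    return {a: parse_access_request(
        build_access_request(ENABLE_USER, enable_password, secret), secret)
        for a in admins}
```

Because every request authenticates the same `$enab15$` account, the server has one password to check for all admins, which is the sharing problem raised in the follow-up post.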
03-06-2008 02:17 AM
Dear jgambhir
Thank you very much for your help.
I already did that, but this makes the enable password shared with all users and we don't want that.
I want the enable password to be taken as the PAP password of the user who tries to log in, but I didn't find that with RADIUS. This option is there with TACACS+.
I want to know why the router or the switch sends that user "$enab15$". Is this a bug in the system?
Please, if there is any other way to authenticate the enable password with RADIUS, submit it.
Thanks a lot,
03-06-2008 09:07 AM
Well, again, enable authentication was meant to function with TACACS, and not RADIUS. This is not a bug and is working the way it should.
With RADIUS, there is no way you can customize the enable password.
Hope that helps
Regards,
~JG
Do rate helpful posts
03-10-2008 02:17 AM
Dear jgambhir
Thank you for your help.
Can I use TACACS+ with the Dot1x technology? If yes, what are the features added or subtracted from dot1x if I use TACACS+ instead of RADIUS?
Appreciate your help
Thanks,