
ASA <aaa enable authentication> on Console port has an issue.

jerrytozhang
Level 1

Hi there,

We're using a Cisco ACS server to do enable authentication on the Console port of an ASA; see below for the configuration...

The weird thing is that we are able to authenticate a user through the Console port, but enable authentication fails on the Console port.

But we can get through enable authentication if using the local password set by the <enable password> command instead of the one configured on the ACS server.

Also, if we telnet or ssh to the ASA, enable authentication works perfectly...

Any idea...?

--

aaa-server TACACS+ protocol tacacs+
 reactivation-mode depletion deadtime 1
aaa-server TACACS+ (inside) host 10.10.1.1
 timeout 5
 key cisco
aaa authentication serial console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authentication ssh console TACACS+ LOCAL
aaa authorization command TACACS+ LOCAL
aaa accounting ssh console TACACS+
aaa accounting command privilege 15 TACACS+

---

Thanks,

2 Replies

srue
Level 7

Type "login" at the ASA prompt from the console:

ciscoasa> login

Jagdeep Gambhir
Level 10

Make sure that the group to which the user is assigned has "Max Privilege for any AAA Client" under Enable Options set to 15.

If the issue is still there, please get the debug tacacs and debug aaa authentication.

Regards,

~JG