As per normal conditions, to go in enable mode we type >enable command, and router/switch asks for password. However, what are the possibilites for a router/switch to ask both username and password on enable mode as well.
The aaa commands on router/switch as below:
aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
A bit more facts observed are, to log in the router/switch I use my username/pwd (TACACS credentials). However, when I hit >enable command, then either mine or anybody else's (having the appropriate rights) username/pwd credentials works for enable login.
Is it something to be done on TACACS / ACS or the router/switch itself?