switch>en % error in authentication

Unanswered Question
Jun 8th, 2010

Hi All,

Can anyone tell me how to configure the enable password in ACS 4.2? Initially I configured a username and password for login authentication in ACS 4.2. Please have a look at the commands below that I have given to the switch:

aaa authentication login default group tacacs+ enable (using this command I am able to authenticate)

aaa authentication enable default group tacacs+ enable (not able to authenticate)

But I am not able to log in from the switch using the password. Can you tell me which password I should give to get into enable mode?

Looking forward to your reply soon.

Thanks and regards..

Erfan

Jatin Katyal Tue, 06/08/2010 - 04:51

Erfan,


The command you have for enable authentication expects an enable password defined on TACACS. Looking at the error message, it seems you don't have an enable password configured on the ACS.


You need to define an enable password on the ACS.


To configure Cisco Secure ACS to authenticate enable passwords and authorize enable privileges, follow these steps:


Step 1 Select Interface Configuration > TACACS+ (Cisco IOS).

The TACACS+ (Cisco) page appears.

Step 2 Under Advanced Configuration Options, select the Advanced TACACS+ Features check box and click Submit.

In user profiles, Cisco Secure ACS displays the Advanced TACACS+ Features table, which provides a means of configuring enable level authorizations and password settings. In group profiles, Cisco Secure ACS displays the Enable Options table, which provides a means of configuring enable privilege authorizations at a group level.

Step 3 For each user you want to grant enable privileges to, follow these steps:

a. Access the user's profile in Cisco Secure ACS. To do so, click User Setup, type the username in the User box, and click Add/Edit.

b. In the Advanced TACACS+ Settings table, confirm that, under TACACS+ Enable Control, the Use Group Level Setting option is selected. If it is not, select it.

c. Under TACACS+ Enable Password, select the password option you want to implement. The default is to use a separate enable password, which is stronger security than using the same password that grants the user basic network access; however, Cisco Secure ACS password-aging features do not support changing separate enable passwords.


HTH

JK

Do rate helpful posts-
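
A configuration check for the situation in the answer above, added here as an example and not part of the original posts or of any Cisco tool: it parses the `aaa authentication` method lists from a switch configuration and reports when enable authentication is answered by the TACACS+ server first, which is the case where the user needs an enable password on the ACS. The sample configuration, the placeholder secret, and the finding codes are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread). The two "aaa authentication"
# lines are the commands quoted in the question; the secret is a placeholder.
SAMPLE = """\
aaa new-model
aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
enable secret 5 <constructed-hash-placeholder>
"""

AAA_RE = re.compile(r"^aaa authentication (login|enable) (\S+)\s+(.+)$")

def method_lists(config):
    """Map (service, list name) -> methods in the order IOS tries them."""
    out = {}
    for line in config.splitlines():
        m = AAA_RE.match(line.strip())
        if not m:
            continue
        service, name, rest = m.groups()
        # "group tacacs+" is one method spelled as two tokens; rejoin it.
        out[(service, name)] = re.findall(r"group \S+|\S+", rest)
    return out

def audit_enable(config):
    """Return finding codes (hypothetical names) for the enable method list."""
    methods = method_lists(config).get(("enable", "default"))
    if methods is None:
        return ["LOCAL_ONLY"]  # no method list: the local enable password is used
    findings = []
    local = re.search(r"^enable (secret|password)\b", config, re.M) is not None
    if methods[0].startswith("group "):
        # The server answers first, so the user needs an enable password there.
        # IOS tries the next method only if the server does not respond,
        # not when the server rejects the password.
        findings.append("SERVER_ENABLE_PASSWORD_REQUIRED")
        if "enable" not in methods[1:]:
            findings.append("NO_FALLBACK_IF_SERVER_UNREACHABLE")
    if "enable" in methods and not local:
        findings.append("ENABLE_METHOD_WITHOUT_LOCAL_SECRET")
    return findings

if __name__ == "__main__":
    print(method_lists(SAMPLE))
    print(audit_enable(SAMPLE))
```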



dushyantsahani Thu, 12/23/2010 - 11:09

Hi,

I tried the steps given by Erfan, but it is not working now on ACS 4.2. Erfan or someone else, could you please help me soon with this issue?

Thanks!
