
switch>en % error in authentication

eahmed007
Level 1

Hi All,

Can anyone tell me how to configure the enable password in ACS 4.2? Initially I configured a username and password for login authentication in ACS 4.2. Please have a look at the commands below that I have given to the switch:

aaa authentication login default group tacacs+ enable (using this command I am able to authenticate)

aaa authentication enable default group tacacs+ enable (not able to authenticate)

But I am not able to log in from the switch using the password. Can you tell me which password I should give to get enable mode?

Looking forward to your reply soon.

Thanks and regards..

Erfan

2 Replies

Jatin Katyal
Cisco Employee

Erfan,


The command you have for enable authentication is expecting an enable password defined on the TACACS. Looking at the error message, it seems you don't have an enable password configured on the ACS.

You need to define an enable password on the ACS.


To configure CiscoSecure ACS to authenticate enable passwords and authorize enable privileges, follow these steps:


Step 1 Select Interface Configuration > TACACS+ (Cisco IOS).

The TACACS+ (Cisco) page appears.

Step 2 Under Advanced Configuration Options, select the Advanced TACACS+ Features check box and click Submit.

In user profiles, CiscoSecure ACS displays the Advanced TACACS+ Features table, which provides a means of configuring enable level authorizations and password settings. In group profiles, CiscoSecure ACS displays the Enable Options table, which provides a means of configuring enable privilege authorizations at a group level.

Step 3 For each user you want to grant enable privileges to, follow these steps:

a. Access the user's profile in Cisco Secure ACS. To do so, click User Setup, type the username in the User box, and click Add/Edit.

b. In the Advanced TACACS+ Settings table, confirm that, under TACACS+ Enable Control, the Use Group Level Setting option is selected. If it is not, select it.

c. Under TACACS+ Enable Password, select the password option you want to implement. The default is to use a separate enable password, which is stronger security than using the same password that grants the user basic network access; however, Cisco Secure ACS password-aging features do not support changing separate enable passwords.


HTH

JK

Do rate helpful posts-



~Jatin
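An added example (not part of the original thread and not Cisco tooling): a small Python check that reads the `aaa authentication` lines from a saved running-config and reports where each password is verified, which is the distinction the answer above turns on. The sample config is constructed from the two commands quoted in the question; the function names are hypothetical.

```python
import re

# Constructed sample config built from the two method lists quoted in the
# question; it is not a dump from the poster's switch.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
"""

METHOD_LIST = re.compile(r"^aaa authentication (login|enable) (\S+) (.+)$", re.M)
LOCAL_ENABLE = re.compile(r"^enable (secret|password) ", re.M)


def parse_method_lists(config):
    """Return {(service, list_name): [methods]} in the order IOS tries them."""
    lists = {}
    for service, name, rest in METHOD_LIST.findall(config):
        tokens = rest.split()
        methods, i = [], 0
        while i < len(tokens):
            # "group <server-group>" is one method made of two tokens.
            step = 2 if tokens[i] == "group" and i + 1 < len(tokens) else 1
            methods.append(" ".join(tokens[i:i + step]))
            i += step
        lists[(service, name)] = methods
    return lists


def audit(config):
    """Say which system checks each password and flag an empty fallback."""
    findings = []
    local_enable = bool(LOCAL_ENABLE.search(config))
    for (service, name), methods in parse_method_lists(config).items():
        label = "%s/%s" % (service, name)
        if service == "enable" and "group tacacs+" in methods:
            findings.append(label + ": TACACS+ is asked for the enable password; "
                            "one must be defined for the user on the server")
        # IOS tries the next method only when the previous one gives an error
        # or no response; a reject from the server ends the attempt.
        if "enable" in methods[1:] and not local_enable:
            findings.append(label + ": fallback 'enable' is listed but no local "
                            "enable secret/password is configured")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG):
        print(line)
```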

Hi,

I tried the steps given by Efran, but it is not working now on ACS 4.2. Eran or someone else, could you please help me soon on this issue?

Thanks!
