Problem with enable on Cisco IOS using Secure ACS

Unanswered Question
Jul 22nd, 2010

I'm having an issue getting to enable mode using Cisco Secure ACS 4.2 for authentication using RADIUS (not TACACS+).  I've added a user to ACS who is able to log into the switch just fine and I added the $enab15$ user to get to enable mode.  The question I have is this, is there a way to set up a radius user to authenticate directly to without having to use the $enab15$ account?  I know I can make it work with TACACS+ but that is not an option in this case.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sbagavat Thu, 07/22/2010 - 12:44

When configuring authentication for enable mode access using RADIUS,  only the password will be requested. The username is always sent in the following format $enab15$. There is no workaround for this. TACACS+ and local authentication would be the only alternatives.

Hope this helps.



This Discussion