09-04-2015 01:29 AM - edited 03-10-2019 11:01 PM
Hi guys,
Has anyone done Radius authentication for switch cli login using ISE ?
We have done that in our environment with ISE, but there is a challenge for giving Read-Only/ Priv-1 access.
If some user know the enable password, they are able to use that and gain full privilege.
Anyway to workaround this other than changing the enable password?
We have thousands of switches and do not want to change on all of them.
If you have some other method please advice.
thank you in advance.
Solved! Go to Solution.
09-07-2015 12:09 PM
Well you can configure the "enable" function to also be controlled via the AAA server with the following command:
aaa authentication enable .... That way the AAA server will be checked for authentication for the enable secret and use the local database as a last resort
I hope this helps!
Thank you for rating helpful posts!
09-07-2015 12:09 PM
Well you can configure the "enable" function to also be controlled via the AAA server with the following command:
aaa authentication enable .... That way the AAA server will be checked for authentication for the enable secret and use the local database as a last resort
I hope this helps!
Thank you for rating helpful posts!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide