Radius authentication for switch using ISE

Jagan1976
Level 1

Hi guys,

Has anyone done RADIUS authentication for switch CLI login using ISE?

We have done that in our environment with ISE, but there is a challenge for giving Read-Only/Priv-1 access.

If some user knows the enable password, they are able to use that and gain full privilege.

Any way to work around this other than changing the enable password?

We have thousands of switches and do not want to change on all of them.

If you have some other method, please advise.

Thank you in advance.

1 Accepted Solution

nspasov
Cisco Employee

Well, you can configure the "enable" function to also be controlled via the AAA server with the following command:

aaa authentication enable .... That way the AAA server will be checked for authentication for the enable secret and use the local database as a last resort.

I hope this helps!

 

Thank you for rating helpful posts!
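
Added example (not part of the reply above or of the original thread): with thousands of switches, a small audit over saved running-configs shows which devices still let the local enable secret decide privileged access. The method lists assumed here (`group radius`, `group <name>`, `enable`, `none`) are standard IOS keywords for `aaa authentication enable default`; the sample configs and the verdict names are constructed for illustration.

```python
import re

ENABLE_LIST = re.compile(r"^\s*aaa authentication enable default\s+(.+?)\s*$", re.M)

def enable_methods(running_config):
    """Ordered methods of 'aaa authentication enable default', or [] if unset."""
    m = ENABLE_LIST.search(running_config)
    if not m:
        return []
    tokens, methods = m.group(1).split(), []
    while tokens:
        tok = tokens.pop(0)
        # "group <name>" is a single method (group radius, group tacacs+, group ISE)
        methods.append(f"group {tokens.pop(0)}" if tok == "group" and tokens else tok)
    return methods

def audit_enable(running_config):
    """Classify how privileged-EXEC (enable) access is authenticated."""
    if not re.search(r"^\s*aaa new-model\s*$", running_config, re.M):
        return "aaa-disabled"        # AAA method lists are not in effect
    methods = enable_methods(running_config)
    if not methods:
        return "local-only"          # only the local enable password is checked
    if "none" in methods:
        return "no-auth-fallback"    # if earlier methods error out, no password is required
    if not methods[0].startswith("group "):
        return "local-first"         # local secret is tried before any AAA server
    return "server-first"            # server decides; later methods run only on server error

# Constructed sample configs (hypothetical switches, not taken from the thread).
SAMPLES = {
    "sw-a": "aaa new-model\naaa authentication login default group radius local\n",
    "sw-b": "aaa new-model\naaa authentication enable default group radius enable\n",
    "sw-c": "aaa new-model\naaa authentication enable default enable group radius\n",
    "sw-d": "aaa new-model\naaa authentication enable default group ISE none\n",
}

def audit_all(configs):
    """Map each switch name to its enable-authentication verdict."""
    return {name: audit_enable(cfg) for name, cfg in configs.items()}

if __name__ == "__main__":
    for name, verdict in audit_all(SAMPLES).items():
        print(f"{name}: {verdict}")
```

With the `group radius` method, IOS sends the enable request to the RADIUS server under the username `$enab15$`, so an identity with that name has to exist in ISE for the server-side check to succeed.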
