New Member

ACS 3.2 TACACS enable password

We are looking at moving from a Solaris-based TACACS server to using ACS 3.2 for TACACS. On the Solaris server, we are able to set a global enable password that all routers and switches use. Is there a way to set this on ACS, and if so, how? Thanks.

2 REPLIES
New Member

Re: ACS 3.2 TACACS enable password

I don't think that you can do this on ACS. You can set the enable password per user or group on ACS. But if you want to use the same enable password for all devices, you can disable TACACS for enable and set the enable password on the device itself. Or you can have the users use their own NT user passwords for login and enable. That's another alternative and easy to manage.

Bronze

Re: ACS 3.2 TACACS enable password

Ben,

This can be done on ACS 3.2.

You will need to configure the enable password on the ACS; this is done under User Setup. Under User Setup there is a setting, Advanced TACACS+ Settings, where you can define the user group level settings (must be 15) and the TACACS+ enable password.

Have a look at this for a bit more info:

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2086/products_qanda_item09186a0080094bac.shtml#Q46

Once you have set the password on the ACS you will need to enter the following command into the router or switch:

aaa authentication enable default group tacacs+

This will force the use of the enable restrictions you have set up in ACS, and it overrides the enable secret password on the router.
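The command from the reply above in context, as an added example that is not part of the original posts: it shows the method list as posted next to a variant that falls back to the local enable secret when no TACACS+ server responds. The server address, shared key and fallback secret are placeholders, and the two `aaa authentication enable` lines are alternatives, not meant to be entered together.

```cisco
! Constructed example; 192.0.2.10 and the bracketed values are placeholders.
aaa new-model
tacacs-server host 192.0.2.10
tacacs-server key <shared-secret>
!
! Option A (as posted): TACACS+ is the only method for enable.
! If no TACACS+ server answers, enable authentication fails.
aaa authentication enable default group tacacs+
!
! Option B: same primary method, with the local enable secret as a
! fallback. The fallback is tried only when the server does not
! respond, not when ACS rejects the password.
aaa authentication enable default group tacacs+ enable
enable secret <local-fallback-secret>
```

With Option B, keep the local enable secret strong and unique, since it becomes the only control on privileged access whenever ACS is unreachable.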
