Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Catalyst 5500 series switch and AAA

We have a catalyst 5509 running the old CatOS. I have everything with Tacacs set up correctly to log in but it won't pass through any login directly to enable mode. After I log in then I have to enter the enable password. All of our other routers work fine. I am not sure if I just missed a command or not. I have attached the 2 sections of the config for you to look at. Any ideas on how I can make it go directly to enable mode?

3 REPLIES
Purple

Re: Catalyst 5500 series switch and AAA

Hi,

The config you have got simply 'enable' the use of tacacs for logging into the console and for telnet sessions. In order to have a user log directly into enable mode, configure your TACACs server to give the user a privilege level of 15. The following document describes how to do so:

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a008009465c.shtml

Hope that helps - pls rate the post if it does.

Paresh

New Member

Re: Catalyst 5500 series switch and AAA

We currently have our Tacacs server assigning privilege level 15 to our admin users. This works with all other routers/switches that we have (all run native IOS). It's on on this Hybrid IOS switch that I am having this issue. That is why I think maybe I am missing a command for the authorization, but since I am not very familiar with the Hybrid IOS I wasn't sure what I am missing... Any idea?

Hall of Fame Super Gold

Re: Catalyst 5500 series switch and AAA

Ken

I suspect that what you need is to include set authorization enable enable tacacs if-authenticated to your config.

Give it a try and let us know if it works.

HTH

Rick

140
Views
0
Helpful
3
Replies
CreatePlease to create content