Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Catalyst 5500 series switch and AAA

We have a catalyst 5509 running the old CatOS. I have everything with Tacacs set up correctly to log in but it won't pass through any login directly to enable mode. After I log in then I have to enter the enable password. All of our other routers work fine. I am not sure if I just missed a command or not. I have attached the 2 sections of the config for you to look at. Any ideas on how I can make it go directly to enable mode?


Re: Catalyst 5500 series switch and AAA


The config you have got simply 'enable' the use of tacacs for logging into the console and for telnet sessions. In order to have a user log directly into enable mode, configure your TACACs server to give the user a privilege level of 15. The following document describes how to do so:

Hope that helps - pls rate the post if it does.


New Member

Re: Catalyst 5500 series switch and AAA

We currently have our Tacacs server assigning privilege level 15 to our admin users. This works with all other routers/switches that we have (all run native IOS). It's on on this Hybrid IOS switch that I am having this issue. That is why I think maybe I am missing a command for the authorization, but since I am not very familiar with the Hybrid IOS I wasn't sure what I am missing... Any idea?

Hall of Fame Super Gold

Re: Catalyst 5500 series switch and AAA


I suspect that what you need is to include set authorization enable enable tacacs if-authenticated to your config.

Give it a try and let us know if it works.



CreatePlease to create content