03-01-2006 08:04 AM - edited 03-10-2019 02:29 PM
We have a catalyst 5509 running the old CatOS. I have everything with Tacacs set up correctly to log in but it won't pass through any login directly to enable mode. After I log in then I have to enter the enable password. All of our other routers work fine. I am not sure if I just missed a command or not. I have attached the 2 sections of the config for you to look at. Any ideas on how I can make it go directly to enable mode?
03-01-2006 11:25 AM
Hi,
The config you have got simply 'enable' the use of tacacs for logging into the console and for telnet sessions. In order to have a user log directly into enable mode, configure your TACACs server to give the user a privilege level of 15. The following document describes how to do so:
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a008009465c.shtml
Hope that helps - pls rate the post if it does.
Paresh
03-02-2006 06:25 AM
We currently have our Tacacs server assigning privilege level 15 to our admin users. This works with all other routers/switches that we have (all run native IOS). It's on on this Hybrid IOS switch that I am having this issue. That is why I think maybe I am missing a command for the authorization, but since I am not very familiar with the Hybrid IOS I wasn't sure what I am missing... Any idea?
03-03-2006 08:26 AM
Ken
I suspect that what you need is to include set authorization enable enable tacacs if-authenticated to your config.
Give it a try and let us know if it works.
HTH
Rick
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: