Catalyst 5500 series switch and AAA

schadmin
Level 1

We have a Catalyst 5509 running the old CatOS. I have everything with TACACS set up correctly to log in, but it won't pass through any login directly to enable mode. After I log in, I then have to enter the enable password. All of our other routers work fine. I am not sure if I just missed a command or not. I have attached the 2 sections of the config for you to look at. Any ideas on how I can make it go directly to enable mode?

3 Replies

pkhatri
Level 11

Hi,

The config you have got simply 'enables' the use of TACACS for logging into the console and for telnet sessions. In order to have a user log directly into enable mode, configure your TACACS server to give the user a privilege level of 15. The following document describes how to do so:

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a008009465c.shtml

Hope that helps - pls rate the post if it does.

Paresh

We currently have our TACACS server assigning privilege level 15 to our admin users. This works with all other routers/switches that we have (all run native IOS). It's only on this Hybrid IOS switch that I am having this issue. That is why I think maybe I am missing a command for the authorization, but since I am not very familiar with the Hybrid IOS I wasn't sure what I am missing... Any idea?

Ken

I suspect that what you need is to add set authorization enable enable tacacs if-authenticated to your config.

Give it a try and let us know if it works.

HTH

Rick
