Cisco Support Community
New Member

console is authenticating to AAA but unable to enter enable mode

When I enter vty I can log in straight to priv level 15, authenticating to tacacs.

However, when I try through the console port, I get in via privilege level 1.

However, when I attempt to enable, I get asked for a password, and the enable password I have configured does not work.

aaa authentication attempts login 2
aaa authentication login default group tacacs+ local enable
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ none
aaa accounting system default start-stop group tacacs+
!

line con 0
password 7 11ddddD
logging synchronous
line aux 0
line vty 0 4
privilege level 15
password 7 0605ddddddd41
logging synchronous
transport input telnet ssh
line vty 5 15
privilege level 15
password 7 06ddddd4F41
logging synchronous
transport input telnet ssh
!

2 REPLIES
New Member

Re: console is authenticating to AAA but unable to enter enable

Hmm, I just disabled the ACS server and can't log in via the console using local auth.

Cisco Employee

Re: console is authenticating to AAA but unable to enter enable

It is not working because you have "aaa authentication enable default group tacacs+ enable".

If you are locked out, I would suggest password recovery and using aaa authentication and authorization commands carefully. Here is a guide to help you: http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_aaa_overview_external_docbase_0900e4b1805adb64_4container_external_docbase_0900e4b1807af93e.html

I hope it helps.

PK
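
The method-list ordering behind the reply above, as an added Python example that is not part of the thread and not Cisco code. It shows which method decides while the TACACS+ group answers and which one is left when it does not, then flags fallback methods with no matching credential line. The function names are hypothetical, and the sample config is constructed from the two authentication lines in the question; the post shows no `username` or `enable secret` lines, so the sample has none.

```python
import re

# Constructed sample: the two authentication lines from the question. The post
# shows no "username" or "enable secret" lines, so none are included here.
SAMPLE_CONFIG = """\
aaa authentication login default group tacacs+ local enable
aaa authentication enable default group tacacs+ enable
line con 0
 password 7 <redacted>
"""

# Config line each non-server method needs before it can verify anything.
CREDENTIAL_PATTERNS = {
    "local": r"^username \S+",
    "enable": r"^enable (secret|password) ",
    "line": r"^ password ",
}

def method_lists(config):
    """Map (kind, list name) -> ordered methods, 'group X' folded to 'group:X'."""
    lists = {}
    for line in config.splitlines():
        m = re.match(r"aaa authentication (login|enable) (\S+) (.+)", line)
        if m:
            folded = re.sub(r"group (\S+)", r"group:\1", m.group(3))
            lists[(m.group(1), m.group(2))] = folded.split()
    return lists

def deciding_method(methods, servers_reachable):
    """A reachable server group gives the final accept/reject; later methods
    are consulted only when the group does not answer at all."""
    for method in methods:
        if not method.startswith("group:") or servers_reachable:
            return method
    return None

def lockout_findings(config):
    """Fallback methods that have no matching credential line in the config."""
    findings = []
    for (kind, name), methods in method_lists(config).items():
        fallback = deciding_method(methods, servers_reachable=False)
        pattern = CREDENTIAL_PATTERNS.get(fallback)
        if pattern and not re.search(pattern, config, re.MULTILINE):
            findings.append((kind, name, fallback))
    return findings
```

Run `lockout_findings()` against the full running-config rather than an excerpt, since the credential lines it looks for sit outside the AAA section.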
