12-20-2007 06:31 AM - edited 03-10-2019 03:34 PM
I have configured the switches and routers with ACS AAA policy. My commands are like this.
aaa new-model
tacacs-server host x.x.x.x key password
tacacs-server host x.x.x.x key password
aaa authentication login default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
With these commands, when I am telnetting to devices, ACS authentication is happening instead of the telnet password, where the enable password is the same as the switch local password.
Here I want this kind of authentication, and it should also use whatever enable password I set for the user.
I also want to restrict the users based on their enable password.
The password change policy should apply to this enable password.
Can anyone please help me with this?
I may have confused you with all of my questions in a single message, but I want this kind of policy to be set for my company.
Hope experts reply soon.
Thanks to all in advance.
12-20-2007 06:37 AM
12-20-2007 08:00 AM
Thanks for your reply, I will check and get back to you.
12-21-2007 05:40 AM
Here I want the enable password for switches and routers to be whatever I configured in the user settings in the ACS server user database.
I don't find any information regarding this in the attached document. Can you give me an idea?
As far as I know there should be a command
aaa authentication enable group tacacs+ local
Please help me in this regard.
01-02-2008 09:01 AM
Hello
These are the two commands you are looking for.
aaa authentication login default group tacacs+
aaa authorization exec default group tacacs+ none
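Added example, not part of any post in this thread: a small Python audit over the two configurations posted above, reporting whether enable authentication is sent to TACACS+ and how each method list behaves when the server is unreachable. The config strings are constructed copies of the thread's lines, and the `CANDIDATE` line `aaa authentication enable default group tacacs+ enable` is this example's assumption of a fix, not a command given by any poster.

```python
import re

# Constructed copies of the configurations posted in the thread.
ORIGINAL = """\
aaa new-model
tacacs-server host x.x.x.x key password
aaa authentication login default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
"""
REPLY = """\
aaa authentication login default group tacacs+
aaa authorization exec default group tacacs+ none
"""
# Assumption of this example: enable authentication pointed at TACACS+,
# falling back to the local enable password if the server is unreachable.
CANDIDATE = ORIGINAL + "aaa authentication enable default group tacacs+ enable\n"

AAA_LINE = re.compile(
    r"^aaa (authentication|authorization) (login|enable|exec|commands \d+) (\S+) (.+)$")

def method_lists(config):
    """Map 'service type list-name' -> ordered list of method tokens."""
    lists = {}
    for line in config.splitlines():
        m = AAA_LINE.match(line.strip())
        if m:
            service, kind, name, methods = m.groups()
            key = f"{service} {kind} {name}"
            lists[key] = methods.replace("group ", "group:").split()
    return lists

def audit(config):
    """Return (finding, method list) pairs for the AAA lines in config."""
    lists = method_lists(config)
    findings = []
    enable = lists.get("authentication enable default")
    # Without this list, 'enable' is checked against the device's own
    # enable password, which is the behaviour described in the question.
    if enable is None or "group:tacacs+" not in enable:
        findings.append(("ENABLE_LOCAL_ONLY", "authentication enable default"))
    for key, methods in lists.items():
        if methods == ["group:tacacs+"]:
            # Server unreachable means nobody can get in: lockout risk.
            findings.append(("NO_FALLBACK", key))
        if "none" in methods:
            # Server unreachable means the check is skipped entirely.
            findings.append(("NONE_FALLBACK", key))
    return findings
```

Calling `audit(ORIGINAL)`, `audit(REPLY)` and `audit(CANDIDATE)` returns the findings for each configuration; an empty list means none of the three conditions was found.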