Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

How can i manage enable password through acs

Hi all

I have couple of user in acs , all the cisco switches authentication is happening through acs( local users in acs)

and enable password locally on the switch .

Now for one user  i want to mange enable password through acs

Is it possible

Thank you

6 REPLIES

Re: How can i manage enable password through acs

Yes it is possible.

Create the user account on ACS and define the enable password for such user.  Also create a shell-profile and make sure you defined the privilege level. If you define 15 - 15 it will bypass enable mode or you could do it 1 - 15.

HTH.

New Member

Re: How can i manage enable password through acs

Hi Javier

I  tried what you said  . but did nt work

Am i missing something .

shell Exec.png

Other than this , do i need to add any commands  on the switch

Cisco Employee

Re:How can i manage enable password through acs

Hey ,

If you need to control enable authentication through ACS then we need to have command on switch .
aaa authentication enable default group tacacs enable

Once you have this command it will be a global change for all the users . Now everybody who logs in the switch will have to enter enable password which would be defined in ACS for them .

To make it short you cannot limit the enable authentication feature to a particular user .

Sent from Cisco Technical Support Android App

New Member

Re: How can i manage enable password through acs

Thanks Thushar

whats default  group means in " aaa authentication enable default group tacacs enable"

One more thing i would like to know

if  in case tacacs down i need to login locally , for that is there anything to do ?

Thanks

New Member

Re: How can i manage enable password through acs

Hi

Please advise  using the below commands , is there any problem

aaa authentication login default group tacacs+ enable

aaa authentication enable default group tacacs+ enable

aaa authorization console

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

Thanks

Silver

Re: How can i manage enable password through acs

351
Views
5
Helpful
6
Replies