Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NX-OS and enable authentication

I am trying to secure a few Nexus switches with tacacs+  I am able to authenticate logins but I don't see the command for privileged mode, for example on a 2960 switch it was; aaa authentication enable default group tacacs+ enable

Was this removed on the NX-OS software?      

  • AAA Identity and NAC
1 ACCEPTED SOLUTION

Accepted Solutions

Re:NX-OS and enable authentication

NXOS uses RBAC so you don't need to use "enable" to get to priv mode. Your TACACS server has to be configured with the correct roles however to get priv access if that makes sense.


Sent from Cisco Technical Support Android App

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.
4 REPLIES

Re:NX-OS and enable authentication

NXOS uses RBAC so you don't need to use "enable" to get to priv mode. Your TACACS server has to be configured with the correct roles however to get priv access if that makes sense.


Sent from Cisco Technical Support Android App

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.
New Member

Re: Re:NX-OS and enable authentication

Thanks! After spending some time with the debug logs I was able to work it out. I do like having a separate enable password though.

Sent from Cisco Technical Support iPad App

Re: Re:NX-OS and enable authentication

Glad you got it worked, debugs FTW!

Sent from Cisco Technical Support iPhone App

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.
Cisco Employee

Re: Re:NX-OS and enable authentication

Hi David,

I agree with Chris. Exec authorization by-deafult enabled on NX-OS. The below listed commands are replaced by Role based access (RBAC).

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+

You can find Cisco NX-OS/IOS Software Default Configuration Differences here

Nexus user accounts and RBAC

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/sec_rbac.html

Security (AAA and Roles) Troubleshooting

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/troubleshooting/guide/n5K_ts_sec.htm

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
149
Views
10
Helpful
4
Replies
This widget could not be displayed.