Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
548
Views
10
Helpful
4
Replies

NX-OS and enable authentication

Go to solution
dreim
Level 1
Level 1

‎07-31-2013 09:40 AM - edited ‎03-10-2019 08:42 PM

I am trying to secure a few Nexus switches with tacacs+  I am able to authenticate logins but I don't see the command for privileged mode, for example on a 2960 switch it was; aaa authentication enable default group tacacs+ enable

Was this removed on the NX-OS software?      

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Christopher Bell
Level 4
Level 4

‎07-31-2013 01:38 PM

NXOS uses RBAC so you don't need to use "enable" to get to priv mode. Your TACACS server has to be configured with the correct roles however to get priv access if that makes sense.


Sent from Cisco Technical Support Android App

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Christopher Bell
Level 4
Level 4

‎07-31-2013 01:38 PM

NXOS uses RBAC so you don't need to use "enable" to get to priv mode. Your TACACS server has to be configured with the correct roles however to get priv access if that makes sense.


Sent from Cisco Technical Support Android App

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.
0 Helpful

Go to solution
dreim
Level 1
Level 1
In response to Christopher Bell

‎07-31-2013 03:04 PM

Thanks! After spending some time with the debug logs I was able to work it out. I do like having a separate enable password though.

Sent from Cisco Technical Support iPad App

Go to solution
Christopher Bell
Level 4
Level 4
In response to dreim

‎07-31-2013 03:50 PM

Glad you got it worked, debugs FTW!

Sent from Cisco Technical Support iPhone App

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.
0 Helpful

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee
In response to dreim

‎07-31-2013 06:01 PM

Hi David,

I agree with Chris. Exec authorization by-deafult enabled on NX-OS. The below listed commands are replaced by Role based access (RBAC).

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+

You can find Cisco NX-OS/IOS Software Default Configuration Differences here

Nexus user accounts and RBAC

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/sec_rbac.html

Security (AAA and Roles) Troubleshooting

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/troubleshooting/guide/n5K_ts_sec.htm

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
Customers Also Viewed These Support Documents