Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Question regarding intermal users ACS 5.1

Hi,

I am running ACS 5.1 and having some internal users created under Users and Identity Stores.

I can specify the user and password (which works fine), but I can also specify an enable password.

This enable password does not work as to enter privilege mode on the router.

For example, I can log in via telnet using the ACS local user, but always have to use the enable password locally defined on the router (not the enable password for that user defined on the ACS).

What's the purpose of this enable password option on the ACS?

Federico.

2 REPLIES
Cisco Employee

Re: Question regarding intermal users ACS 5.1

Federico,


Can you please post the output of your AAA configuration..

Typically for what you are trying to achieve requires at miniumum the following.

aaa authentication login default group tacacs

aaa authentication enable default group tacacs

or radius in place of tacacs.

Re: Question regarding intermal users ACS 5.1

Hi,

I am running ACS 5.1 and having some internal users created under Users and Identity Stores.

I can specify the user and password (which works fine), but I can also specify an enable password.

This enable password does not work as to enter privilege mode on the router.

For example, I can log in via telnet using the ACS local user, but always have to use the enable password locally defined on the router (not the enable password for that user defined on the ACS).

What's the purpose of this enable password option on the ACS?

Federico.

Hi Federico,

In our data center we are using enable mode password as the same password for login at the first time,so we have configured the following command to accept the same and also configured few setting under user to take the same password PAP for enable password also the same.So login and enable password for users is the same which is configured in internal user database of ACS.


aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

289
Views
10
Helpful
2
Replies