New Member

Radius authentication for the enable password

Dear Sir

I have an ACS and I have many switches in the network. I used to secure the telnet and enable access to these switches with the TACACS+ authentication protocol, so the username and password are taken from the ACS internal database. Also the enable password is taken from the ACS. Today we changed TACACS+ to RADIUS because we use the 802.1x framework on the wired network. Dot1x authentication worked fine, and when you try to telnet to the switch the username and password are taken, but the enable password is not taken from the ACS. When I checked the configuration on the ACS under the user page, I found a checkmark to use the enable password as the PAP password of the user, but this is only under the TACACS+ settings. How can I make this work for RADIUS? This is my question. Please answer me asap. It is urgent.

Thanks,

4 REPLIES

Re: Radius authentication for the enable password

Enable authentication was meant to function with TACACS, and when used with RADIUS it does not perform the same. As a result, the only way for you to get enable authentication to work with RADIUS would be to input the username $enab15$ into your RADIUS server.

When using the RADIUS protocol for enable authentication on an IOS or CatOS based device, the router sends a request to the RADIUS server for the username you mention --$enabl15.

Hope that helps!

Regards,

~JG

Do rate helpful posts
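The request the reply above describes, as an added example that is not part of the original thread and not Cisco code: a minimal RFC 2865 Access-Request for enable authentication, built and then parsed the way a RADIUS server would. The shared secret and password are constructed values, and only the User-Name and User-Password attributes are included; because User-Name is always `$enab15$`, nothing in the request identifies which logged-in user asked for enable.

```python
import hashlib
import os
import struct
ENABLE_USER = b"$enab15$"  # User-Name the thread says the device sends for enable

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding, as used for PAP."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: reverse the hiding with the same shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")

def build_enable_request(enable_password: bytes, secret: bytes, ident: int = 1) -> bytes:
    """Access-Request (code 1) with only User-Name (1) and User-Password (2)."""
    authenticator = os.urandom(16)
    hidden = hide_password(enable_password, secret, authenticator)
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v
                     for t, v in ((1, ENABLE_USER), (2, hidden)))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_request(packet: bytes, secret: bytes) -> dict:
    """Everything the RADIUS server can learn from this request."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("bad RADIUS length")
    authenticator, pos, fields = packet[4:20], 20, {"code": packet[0]}
    while pos + 2 <= len(packet):
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > len(packet):
            raise ValueError("bad attribute length")
        value = packet[pos + 2:pos + attr_len]
        if attr_type == 1:
            fields["user_name"] = value.decode()
        elif attr_type == 2:
            fields["password"] = unhide_password(value, secret, authenticator)
        pos += attr_len
    return fields
```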

New Member

Re: Radius authentication for the enable password

Dear iqambhir

Thank you very much for your help.

I already did that, but this makes the enable password shared with all users and we don't want that.

I want the enable password to be taken as the PAP password of the user who tries to log in, but I didn't find that with RADIUS. This option is there with TACACS+.

I want to know why the router or the switch sends that user " $enab15$ ". Is this a bug in the system?

Please, if there is any other way to authenticate the enable password with RADIUS, submit it.

Thanks a lot,

Re: Radius authentication for the enable password

Well, again, enable authentication was meant to function with TACACS, and not RADIUS. This is not a bug and is working the way it should.

With RADIUS, there is no way you can customize the enable password.

Hope that helps

Regards,

~JG

Do rate helpful posts

New Member

Re: Radius authentication for the enable password

Dear jgambhir

Thank you for your help.

Can I use TACACS+ with the Dot1x technology? If yes, what are the features added or subtracted from dot1x if I used TACACS+ instead of RADIUS?

Appreciate your help

Thanks,
