Re: CATOS Tacacs and authentication

strykerb41 · ‎11-15-2007

All- I am implementing TACACS across the network.

all the IOS's, Pix's and VPN solutions are complete.

The problem is the CAT OS switches,

i am testing with a CATOS 2948G switch.

see the config below.

Cisco Systems, Inc. Console

OMKSW02 (Cisco Catalyst 2948G)

Access Restricted...

Username: catsoup

Password:*********

OLTEST2948G en

Enter password:********

OLTEST2948G (enable) sh run

This command shows non-default configurations only.

Use 'show config all' to show both default and non-default configurations.

...............

#tacacs+

set tacacs server 10.2.1.7 primary

set tacacs attempts 6

set tacacs directedrequest enable

set tacacs key hello

!

#authentication

set authentication login tacacs enable console primary

set authentication login tacacs enable telnet primary

set authentication login tacacs enable http primary

set authentication login attempt 6 console

WHAT is needed toget rid of the enable password prompt..

I can disable the enablepassword but would prefer not to.

Help!!!!

strykerb41 · ‎11-15-2007

actually found the info....

Posted by: jgambhir - Nov 15, 2007, 6:02am PST

Console> (enable) set tacacs server [IP] [primary]

set tacacs key [key]

set tacacs attempts [number] (optional)

set localuser user [user] password [password] privilege 15

set authentication login local enable

set authentication login tacacs enable [all | console | http | telnet] [primary]

set authorization exec enable tacacs+ [deny | none] [console | telnet | both]

set authorization commands enable [config | all] tacacs+ [deny | none] [console |telnet | both]

glen.grant · ‎11-15-2007

if you want it to use the tacacs password for enable add

set authentication enable tacacs enable telnet primary