11-15-2007 07:38 AM - edited 03-05-2019 07:26 PM
All- I am implementing TACACS across the network.
all the IOS's, Pix's and VPN solutions are complete.
The problem is the CAT OS switches,
i am testing with a CATOS 2948G switch.
see the config below.
Cisco Systems, Inc. Console
OMKSW02 (Cisco Catalyst 2948G)
Access Restricted...
Username: catsoup
Password:*********
OLTEST2948G en
Enter password:********
OLTEST2948G (enable) sh run
This command shows non-default configurations only.
Use 'show config all' to show both default and non-default configurations.
...............
#tacacs+
set tacacs server 10.2.1.7 primary
set tacacs attempts 6
set tacacs directedrequest enable
set tacacs key hello
!
#authentication
set authentication login tacacs enable console primary
set authentication login tacacs enable telnet primary
set authentication login tacacs enable http primary
set authentication login attempt 6 console
WHAT is needed toget rid of the enable password prompt..
I can disable the enablepassword but would prefer not to.
Help!!!!
11-15-2007 07:47 AM
actually found the info....
Posted by: jgambhir - Nov 15, 2007, 6:02am PST
Console> (enable) set tacacs server [IP] [primary]
set tacacs key [key]
set tacacs attempts [number] (optional)
set localuser user [user] password [password] privilege 15
set authentication login local enable
set authentication login tacacs enable [all | console | http | telnet] [primary]
set authorization exec enable tacacs+ [deny | none] [console | telnet | both]
set authorization commands enable [config | all] tacacs+ [deny | none] [console |telnet | both]
11-15-2007 08:59 AM
if you want it to use the tacacs password for enable add
set authentication enable tacacs enable telnet primary
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide