Cisco Support Community

ACS with RSA for privilege level 'enable' authentication

Has anyone experienced problems with privilege level "Enable" password authentication via ACS using RSA two-factor authentication? We have recently deployed ACS and use RSA two-factor authentication for the telnet connection without any problems. When configuring the networking device and ACS to use RSA for the privilege level authentication "enable", this fails. We get prompted to enter the token code and the RSA server indicates that authentication is successful; however, the network device (ASA or switch) seems to reject it.

Are there any tricks to this?

Thanks in advance!


Re: ACS with RSA for privilege level 'enable' authentication

You have to make sure you use a different code than your initial login.


Re: ACS with RSA for privilege level 'enable' authentication


Like Collin, the first thing that I think of is that you cannot use the same token code to authenticate enable mode that was used to authenticate user mode. Beyond that I am not aware of things that should prevent this working. Are you sure that the ACS authentication server is configured to allow that user access to privilege mode?

Perhaps it would be helpful if you would post the config (especially all the aaa related parts) of a device that is having that problem. And it might help find the issue if you would run debug for authentication, try to login to enable mode, and post the output.


