11-10-2002 08:59 PM - edited 02-21-2020 10:05 AM
I'm using PIX 515E with the latest image. Also using ACS 3.02.
I've entered the following commands to use the ACS for authentication via TACACS+:
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (inside) host 10.1.1.21 key1 timeout 10
aaa authentication telnet console TACACS+
aaa authentication enable console TACACS+
I've created a user in ACS and checked the option to use the same password for everything. Also I've given the user the max privilege of 15 and enable permission.
I can telnet into pix fine, but credentials get refused when I try to "enable". Any idea?
Thanks,
11-11-2002 04:55 PM
What do you see in the Failed Attempts log on the ACS server? The privilege level shouldn't matter, but the user will definitely need the enable permission set under their configuration.
11-11-2002 09:44 PM
I just noticed that it only fails when I try to log in from telnet. When I try to log in from console (Hyperterminal) it works as it should and it's fine.
Under user properties of ACS, I've selected :
TACACS+ Enable Password > User CiscoSecure PAP Password
TACACS+ Enable Control > Max Privilege for any AAA client:15
When I telnet to PIX using PuTTY, this is what I get:
User Access Verification
Username: user10
Password: ******
Type help or '?' for a list of available commands.
cwfw01> login
Username: user10
Password: ******
%Login failed
Username: user10
Password: ******
%Login failed
Username: user10
Password: ******
%Login failed
cwfw01>
I've enabled logging for both successful and failed Attempts, but the strange thing is that there are no entries under failed attempts related to the failed attempts listed above. I've clicked on Refresh after each attempt.
If I try to log in using "enable" command and entering the enable password, login fails and gets recorded in "failed attempts".
Thanx.
11-11-2002 09:57 PM
I just found out what I was doing wrong. I should use "enable", not "login".
Thanks very much for your help.