https://community.cisco.com/t5/network-access-control/enable-pwd-for-console-when-aaa-is-configured/m-p/2850721#M39993 <P>hi,</P> <P></P> <P>i had&nbsp;<SPAN>aaa authentication enable console BR_ACS_SVR LOCAL configured earlier, but the issue with this command is it doesnt accept local enable pwd and it will point to ACS for enable pwd. I want to use local pwd for console and use tacacs for SSH/ASDM.&nbsp;</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>if the ASA is configured for tacacs authentication, is it possible to have local pwd for console and tacacs for other authentication?</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>thx,</SPAN></P> <P><SPAN>sridhar</SPAN></P> Fri, 25 Mar 2016 13:34:58 GMT sridhar ch 2016-03-25T13:34:58Z https://community.cisco.com/t5/network-access-control/enable-pwd-for-console-when-aaa-is-configured/m-p/2850719#M39991 <P>I have AAA configured on my ASA and enable pwd is configured to use tatacs authentication. If i have to access using console, enable pwd is not accepting. so had to disable tacacs for enable mode and configured to use local pwd. what should be done so that i can use tacacs for enable pwd when accessing via ASDM/SSH/Telnet and local pwd while connecting thru console? FYI, i will use my Windows AD credentials for tacacs authentication. I have a local acc configured for console connection access.</P> <P></P> <P>aaa authentication ssh console BR_ACS_SVR LOCAL<BR />aaa authentication http console BR_ACS_SVR LOCAL<BR />aaa authentication telnet console LOCAL<BR />aaa authentication serial console LOCAL<BR />aaa accounting enable console Accounting<BR />aaa accounting ssh console Accounting<BR />aaa accounting command privilege 15 Accounting<BR />aaa accounting telnet console BR_ACS_SVR</P> <P></P> <P>Thx,</P> <P>sridhar</P> <P></P> Mon, 11 Mar 2019 06:34:36 GMT https://community.cisco.com/t5/network-access-control/enable-pwd-for-console-when-aaa-is-configured/m-p/2850719#M39991 sridhar ch 2019-03-11T06:34:36Z https://community.cisco.com/t5/network-access-control/enable-pwd-for-console-when-aaa-is-configured/m-p/2850720#M39992 <P>Hi Sridhar,</P> <P></P> <P>What is the ACS version you are using ?</P> <P></P> <P>Try using this command back:</P> <P></P> <P>aaa authentication <G class="gr_ gr_80 gr-alert gr_gramm undefined Grammar multiReplace" id="80" data-gr-id="80">enable</G> console BR_ACS_SVR LOCAL</P> <P></P> <P>And then if it does not work check the authentication logs on the ACS.</P> <P></P> <P>You can also check this link as well:</P> <P></P> <P>https://supportforums.cisco.com/discussion/12047431/cisco-asa-tacacs-enable-mode-not-working</P> <P></P> <P>Regards,</P> <P></P> <P>Aditya</P> <P></P> <P>Please rate helpful posts.</P> <P></P> <P>Regards,</P> <P></P> <P>Aditya</P> <P></P> Mon, 14 Mar 2016 18:47:58 GMT https://community.cisco.com/t5/network-access-control/enable-pwd-for-console-when-aaa-is-configured/m-p/2850720#M39992 Aditya Ganjoo 2016-03-14T18:47:58Z https://community.cisco.com/t5/network-access-control/enable-pwd-for-console-when-aaa-is-configured/m-p/2850721#M39993 <P>hi,</P> <P></P> <P>i had&nbsp;<SPAN>aaa authentication enable console BR_ACS_SVR LOCAL configured earlier, but the issue with this command is it doesnt accept local enable pwd and it will point to ACS for enable pwd. I want to use local pwd for console and use tacacs for SSH/ASDM.&nbsp;</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>if the ASA is configured for tacacs authentication, is it possible to have local pwd for console and tacacs for other authentication?</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>thx,</SPAN></P> <P><SPAN>sridhar</SPAN></P> Fri, 25 Mar 2016 13:34:58 GMT https://community.cisco.com/t5/network-access-control/enable-pwd-for-console-when-aaa-is-configured/m-p/2850721#M39993 sridhar ch 2016-03-25T13:34:58Z https://community.cisco.com/t5/network-access-control/enable-pwd-for-console-when-aaa-is-configured/m-p/2850722#M39994 <P><SPAN style="color: #000000; font-size: 10pt;">Sridhar, </SPAN></P> <P><SPAN style="color: #000000; font-size: 10pt;">Unfortunately this is not possible on ASA. You either have to use enable password against TACACS+ or local database. The same thing can be done on IOS using method list. </SPAN></P> <P><SPAN style="color: #000000; font-size: 10pt;">Regards,</SPAN></P> <P><SPAN style="color: #000000; font-size: 10pt;">Jatin</SPAN></P> Fri, 25 Mar 2016 17:23:50 GMT https://community.cisco.com/t5/network-access-control/enable-pwd-for-console-when-aaa-is-configured/m-p/2850722#M39994 Jatin Katyal 2016-03-25T17:23:50Z