topic Re: If you have ACS using AD for priv-1, how do you set the ENAB in Network Access Control

If you have ACS using AD for priv-1, how do you set the ENABLE password?

jdean1 — Sun, 10 Mar 2019 21:57:29 GMT

I am trying to figure this out and not getting anywhere. I want to have acs use windows AD for authentication. Then I want the AD authed user to have priv-1 access. Then type 'enable' to gain enable access to the device if they have the enable password. I want the enable password to be centrally stored on the acs server, so that it is centrally managed for all devices. Where do I do this?

I know you can go to each user individually and configure them for a static enable password, but that is NOT what I am looking for. Any help would be great.

Thanks all - J

Re: If you have ACS using AD for priv-1, how do you set the ENAB

Vivek Santuka — Wed, 31 Jan 2007 22:56:10 GMT

Hi,

Enable password can only be the following three :-

1. User's Login password which is set in ACS

2. A Static password defined for every user

3. The External db password.

We cannot have any "centrally set" enable password for every device.

Regards,

Vivek

Re: If you have ACS using AD for priv-1, how do you set the ENAB

jdean1 — Thu, 01 Feb 2007 00:02:36 GMT

Thanks. Given those options how would I be able to do this for users that are ONLY in the windows AD DB? We have NO user accounts in the internal acs db to statically configure passwords.

Although a user account is dynamically created by acs after someone logs in, but I am not sure how long this is cached and if it is wise to put the enable password in this dynamic account that may dissappear?? Thoughts?

Thanks.

-j