https://community.cisco.com/t5/network-access-control/direct-login-to-enable-mode-with-cat-os-using-tacacs/m-p/396782#M433485 <HTML><HEAD></HEAD><BODY><P>@rtogonon</P><P></P><P>this is a IOS command!</P><P>Michael</P></BODY></HTML> Wed, 29 Sep 2004 05:32:14 GMT michael.linhart 2004-09-29T05:32:14Z https://community.cisco.com/t5/network-access-control/direct-login-to-enable-mode-with-cat-os-using-tacacs/m-p/396779#M433480 <P>Hello,</P><P></P><P>I'm using Tacacs for authenticating on IOS and CAT OS switches. When I log in to the IOS ones, I get directly to the enable mode.</P><P></P><P>When I log in to the CAT OS switch with the same user I only get to exec mode. Then I have to enter the enable mode manually with the "tacacs user password" as the "enable password".</P><P></P><P>My wish is to login directly to the enable mode with CAT switches!</P><P></P><P>Thanks in advance...</P><P></P><P></P><P>IOS config:</P><P>-----------</P><P>aaa new-model</P><P>tacacs-server key xxxx</P><P>tacacs-server host a.b.c.d</P><P>aaa authentication login default group tacacs+ enable</P><P>aaa authorization exec default group tacacs+ if-authenticated</P><P>aaa authorization commands 15 default group tacacs+ if-authenticated</P><P>aaa accounting exec default start-stop group tacacs+</P><P>aaa accounting commands 15 default start-stop group tacacs+ </P><P></P><P>line vty 0 4</P><P>login authentication default</P><P></P><P></P><P></P><P></P><P>CAT OS config:</P><P>--------------</P><P>set tacacs server a.b.c.d primary</P><P>set tacacs attempts 5</P><P>set tacacs directedrequest disable</P><P>set tacacs key xxxxxx</P><P>set tacacs timeout 5</P><P></P><P>set authentication login tacacs disable console </P><P>set authentication login tacacs enable telnet primary</P><P>set authentication enable tacacs disable console </P><P>set authentication enable tacacs enable telnet primary</P><P>set authentication login local enable console </P><P>set authentication login local enable telnet </P><P>set authentication enable local enable console </P><P>set authentication enable local enable telnet</P> Sun, 10 Mar 2019 20:49:36 GMT https://community.cisco.com/t5/network-access-control/direct-login-to-enable-mode-with-cat-os-using-tacacs/m-p/396779#M433480 bpotschien 2019-03-10T20:49:36Z https://community.cisco.com/t5/network-access-control/direct-login-to-enable-mode-with-cat-os-using-tacacs/m-p/396780#M433481 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>just add the following line</P><P>set authorization exec enable tacacs+ none</P><P></P><P>Hope it helps</P><P>Cheers</P><P>Michael</P></BODY></HTML> Tue, 28 Sep 2004 12:52:38 GMT https://community.cisco.com/t5/network-access-control/direct-login-to-enable-mode-with-cat-os-using-tacacs/m-p/396780#M433481 michael.linhart 2004-09-28T12:52:38Z https://community.cisco.com/t5/network-access-control/direct-login-to-enable-mode-with-cat-os-using-tacacs/m-p/396781#M433483 <HTML><HEAD></HEAD><BODY><P>Or you can add this line on your statement.</P><P></P><P>"aaa authorization exec default group tacacs+"</P><P></P><P>RT</P></BODY></HTML> Tue, 28 Sep 2004 15:04:29 GMT https://community.cisco.com/t5/network-access-control/direct-login-to-enable-mode-with-cat-os-using-tacacs/m-p/396781#M433483 ROBERT TOGONON 2004-09-28T15:04:29Z https://community.cisco.com/t5/network-access-control/direct-login-to-enable-mode-with-cat-os-using-tacacs/m-p/396782#M433485 <HTML><HEAD></HEAD><BODY><P>@rtogonon</P><P></P><P>this is a IOS command!</P><P>Michael</P></BODY></HTML> Wed, 29 Sep 2004 05:32:14 GMT https://community.cisco.com/t5/network-access-control/direct-login-to-enable-mode-with-cat-os-using-tacacs/m-p/396782#M433485 michael.linhart 2004-09-29T05:32:14Z