https://community.cisco.com/t5/network-access-control/quot-enable-password-quot-field-for-ise-internal-users/m-p/3541481#M524548 <HTML><HEAD></HEAD><BODY><P>(1) Yes, we use only login passwords if going directly to privilege 15.</P><P>(2) We may give the same values for both login and enable passwords.</P><P></P><P>Sure, we will investigate and update the doc.</P><P>Besides Cisco IOS, ASA also uses enable.</P></BODY></HTML> Sat, 03 Jun 2017 14:06:12 GMT hslai 2017-06-03T14:06:12Z https://community.cisco.com/t5/network-access-control/quot-enable-password-quot-field-for-ise-internal-users/m-p/3541477#M524538 <HTML><HEAD></HEAD><BODY><P>Hello there,</P><P></P><P>When I was creating an internal users on ISE, I noticed that there is a new field labeled as "enabled password", as attached screenshot.</P><P>I usually just use the "login" field. I'm wondering what the "enable password" field would do to an internal user? What's its purpose?</P><P></P><P><IMG alt="enable_password.PNG" class="image-1 jive-image" src="https://community.cisco.com/legacyfs/online/fusion/108028_enable_password.PNG" style="height: 280px; width: 620px;" />Thanks</P></BODY></HTML> Sat, 03 Jun 2017 01:59:20 GMT https://community.cisco.com/t5/network-access-control/quot-enable-password-quot-field-for-ise-internal-users/m-p/3541477#M524538 Ping Zhou 2017-06-03T01:59:20Z https://community.cisco.com/t5/network-access-control/quot-enable-password-quot-field-for-ise-internal-users/m-p/3541478#M524541 <HTML><HEAD></HEAD><BODY><P>It's to use ISE internal users as the identity source for device administration using TACACS+ on Cisco IOS like devices, where differentiating between the login passwords and the enable passwords.</P></BODY></HTML> Sat, 03 Jun 2017 02:04:40 GMT https://community.cisco.com/t5/network-access-control/quot-enable-password-quot-field-for-ise-internal-users/m-p/3541478#M524541 hslai 2017-06-03T02:04:40Z https://community.cisco.com/t5/network-access-control/quot-enable-password-quot-field-for-ise-internal-users/m-p/3541479#M524544 <HTML><HEAD></HEAD><BODY><P>Make sense...I have 2 follow up questions though:&nbsp; </P><P></P><P>1. In the tacacs Device Admin case, What if I only set the login password, no enable password, and I use this internal user as AuthZ conditions and give it Privilege 15 and Permit All commands as the AuthZ result, would it work? or for this case, I have to have the enable password?</P><P></P><P>2. if this enable password is mandatory in my above device Admin TACACS case, i guess they can't be the same password as the login password?</P><P></P><P>I searched Admin guide, I can't find any explanations&nbsp; about this enable password field. Perhaps the documentation could help add it?</P><P></P><P>thanks again</P></BODY></HTML> Sat, 03 Jun 2017 03:42:14 GMT https://community.cisco.com/t5/network-access-control/quot-enable-password-quot-field-for-ise-internal-users/m-p/3541479#M524544 Ping Zhou 2017-06-03T03:42:14Z https://community.cisco.com/t5/network-access-control/quot-enable-password-quot-field-for-ise-internal-users/m-p/3541480#M524546 <HTML><HEAD></HEAD><BODY><P>Sorry, forgot to ask: I assume this field is only for IOS device?</P></BODY></HTML> Sat, 03 Jun 2017 03:52:04 GMT https://community.cisco.com/t5/network-access-control/quot-enable-password-quot-field-for-ise-internal-users/m-p/3541480#M524546 Ping Zhou 2017-06-03T03:52:04Z https://community.cisco.com/t5/network-access-control/quot-enable-password-quot-field-for-ise-internal-users/m-p/3541481#M524548 <HTML><HEAD></HEAD><BODY><P>(1) Yes, we use only login passwords if going directly to privilege 15.</P><P>(2) We may give the same values for both login and enable passwords.</P><P></P><P>Sure, we will investigate and update the doc.</P><P>Besides Cisco IOS, ASA also uses enable.</P></BODY></HTML> Sat, 03 Jun 2017 14:06:12 GMT https://community.cisco.com/t5/network-access-control/quot-enable-password-quot-field-for-ise-internal-users/m-p/3541481#M524548 hslai 2017-06-03T14:06:12Z