console is authenticating to AAA but unable to enter enable mode

nygenxny123 · ‎10-22-2010

When i enter vty i can log in straight to priv leve 15-authenticating to tacacs-

howerver when i try through the conosle port, i get in via privliege level 1

howerver when i attemt to enable..i get asked for a password, and the enable password i have configured does not work

aaa authentication attempts login 2
aaa authentication login default group tacacs+ local enable
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ none
aaa accounting system default start-stop group tacacs+
!

line con 0
password 7 11ddddD
logging synchronous
line aux 0
line vty 0 4
privilege level 15
password 7 0605ddddddd41
logging synchronous
transport input telnet ssh
line vty 5 15
privilege level 15
password 7 06ddddd4F41
logging synchronous
transport input telnet ssh
!

nygenxny123 · ‎10-22-2010

hmm i just disabled the ACS server and cant login via the console using local auth

Panos Kampanakis · ‎10-22-2010

It is not working because you have "aaa authentication enable default group tacacs+ enable".

If you are locked out I would suggest password recovery and using aaa authentication and authorization commands carefully. Here is a guide to help you http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_aaa_overview_external_docbase_0900e4b1805adb64_4container_external_docbase_0900e4b1807af93e.html

I hope it helps.

PK