09-28-2004 05:12 AM - edited 03-10-2019 01:49 PM
Hello,
I'm using Tacacs for authenticating on IOS and CAT OS switches. When I log in to the IOS ones, I get directly to the enable mode.
When I log in to the CAT OS switch with the same user I only get to exec mode. Then I have to enter the enable mode manually with the "tacacs user password" as the "enable password".
My wish is to login directly to the enable mode with CAT switches!
Thanks in advance...
IOS config:
-----------
aaa new-model
tacacs-server key xxxx
tacacs-server host a.b.c.d
aaa authentication login default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
line vty 0 4
login authentication default
CAT OS config:
--------------
set tacacs server a.b.c.d primary
set tacacs attempts 5
set tacacs directedrequest disable
set tacacs key xxxxxx
set tacacs timeout 5
set authentication login tacacs disable console
set authentication login tacacs enable telnet primary
set authentication enable tacacs disable console
set authentication enable tacacs enable telnet primary
set authentication login local enable console
set authentication login local enable telnet
set authentication enable local enable console
set authentication enable local enable telnet
Solved! Go to Solution.
09-28-2004 10:32 PM
09-28-2004 05:52 AM
Hi,
just add the following line
set authorization exec enable tacacs+ none
Hope it helps
Cheers
Michael
09-28-2004 08:04 AM
Or you can add this line on your statement.
"aaa authorization exec default group tacacs+"
RT
09-28-2004 10:32 PM
@rtogonon
this is a IOS command!
Michael
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide