- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-06-2012 12:05 PM - edited 03-10-2019 06:41 PM
I configured authentication for Enable to user Tacacs+. I need it to be authenticated the same time when users are logging in. That is, a user types his username and password, he is directly logged into Enable mode.
However, it stops everytime at exec mode, he has to type "enable " and type his password again to get into enable mode.
any idea?
The aaa config is attached.
thanks
Han
Solved! Go to Solution.
- Labels:
-
AAA
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-06-2012 12:18 PM
Han,
You need to add the "aaa authorization exec default group tacacs if-authenticated none" command. Also, the TACACS+ server should be configured to return the privilege level 15 attribute for Shell (EXEC) as well.
NOTE: The feature to get directly into enable mode after typing the Username/Password applies only for IOS devices. Cisco ASA does not include this feature as it is considered a security device.
Regards.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-06-2012 12:18 PM
Han,
You need to add the "aaa authorization exec default group tacacs if-authenticated none" command. Also, the TACACS+ server should be configured to return the privilege level 15 attribute for Shell (EXEC) as well.
NOTE: The feature to get directly into enable mode after typing the Username/Password applies only for IOS devices. Cisco ASA does not include this feature as it is considered a security device.
Regards.
