Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
457
Views
5
Helpful
3
Replies

enable pwd for console when AAA is configured

sridhar ch
Level 1
Level 1

‎03-14-2016 11:33 AM - edited ‎03-10-2019 11:34 PM

I have AAA configured on my ASA and enable pwd is configured to use tatacs authentication. If i have to access using console, enable pwd is not accepting. so had to disable tacacs for enable mode and configured to use local pwd. what should be done so that i can use tacacs for enable pwd when accessing via ASDM/SSH/Telnet and local pwd while connecting thru console? FYI, i will use my Windows AD credentials for tacacs authentication. I have a local acc configured for console connection access.

aaa authentication ssh console BR_ACS_SVR LOCAL
aaa authentication http console BR_ACS_SVR LOCAL
aaa authentication telnet console LOCAL
aaa authentication serial console LOCAL
aaa accounting enable console Accounting
aaa accounting ssh console Accounting
aaa accounting command privilege 15 Accounting
aaa accounting telnet console BR_ACS_SVR

Thx,

sridhar

Labels:
Preview file
36 KB
0 Helpful
3 Replies 3

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎03-14-2016 11:47 AM

Hi Sridhar,

What is the ACS version you are using ?

Try using this command back:

aaa authentication enable console BR_ACS_SVR LOCAL

And then if it does not work check the authentication logs on the ACS.

You can also check this link as well:

https://supportforums.cisco.com/discussion/12047431/cisco-asa-tacacs-enable-mode-not-working

Regards,

Aditya

Please rate helpful posts.

Regards,

Aditya

0 Helpful

sridhar ch
Level 1
Level 1
In response to Aditya Ganjoo

‎03-25-2016 06:34 AM

hi,

i had aaa authentication enable console BR_ACS_SVR LOCAL configured earlier, but the issue with this command is it doesnt accept local enable pwd and it will point to ACS for enable pwd. I want to use local pwd for console and use tacacs for SSH/ASDM. 

if the ASA is configured for tacacs authentication, is it possible to have local pwd for console and tacacs for other authentication?

thx,

sridhar

0 Helpful

Jatin Katyal
Cisco Employee
Cisco Employee
In response to sridhar ch

‎03-25-2016 10:23 AM

Sridhar,

Unfortunately this is not possible on ASA. You either have to use enable password against TACACS+ or local database. The same thing can be done on IOS using method list.

Regards,

Jatin

~Jatin
Customers Also Viewed These Support Documents