08-24-2004 08:42 PM - edited 03-10-2019 01:46 PM
Is it possible to set a single enable password for all clients that authenticate through the ACS?
Instead of setting an enable password on a per user basis I would like to set it in a single global place once that will then be used by all clients added in the future.
08-24-2004 09:10 PM
Yes. It is possible.
Rgds
Vimal
08-24-2004 11:10 PM
Could you please tell me where within the ACS a global enable password can be set for all devices?
From what I have seen the only way is to set the enable password on a per user basis.
08-25-2004 03:17 AM
Having one single enable password does raise some security issues. However, if this is the way you wish to proceed I would recommend setting the enable password on each device instead of on the ACS (what if the ACS goes down etc...).
Then you can use the command:
aaa authentication enable default group tacacs+ enable
This will tell the device to first try for a tacacs+ enable password then use the local one if that fails.
You can of course remove the 'group tacacs+' statement and use only the enable password from the device.
To centrally manage the enable password, you could use something such as Kiwi Cat Tools to automate the distribution.
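An added example, not part of the original thread: a small Python check that audits saved device configurations for the enable method list discussed above and confirms that a local enable credential exists for the fallback to use. The hostnames and configuration snippets are constructed for illustration.

```python
import re

# Constructed sample configs for illustration (not from the thread).
SAMPLES = {
    "core-sw1": "aaa new-model\n"
                "aaa authentication enable default group tacacs+ enable\n"
                "enable secret 5 $1$CONSTRUCTED$placeholder\n",
    "edge-rtr1": "aaa new-model\n"
                 "aaa authentication enable default group tacacs+ enable\n",
    "lab-sw9": "aaa new-model\n"
               "aaa authentication enable default enable\n"
               "enable password 7 CONSTRUCTED\n",
    "dmz-rtr2": "aaa new-model\n"
                "aaa authentication enable default group tacacs+\n"
                "enable secret 5 $1$CONSTRUCTED$placeholder\n",
}

def audit_enable(config):
    """Return a list of findings about enable authentication in one config."""
    lines = [ln.strip() for ln in config.splitlines()]
    methods = None
    for ln in lines:
        m = re.match(r"aaa authentication enable default\s+(.+)$", ln)
        if m:
            methods = m.group(1).split()
    if methods is None:
        return ["no-enable-method-list"]
    has_secret = any(ln.startswith("enable secret ") for ln in lines)
    has_password = any(ln.startswith("enable password ") for ln in lines)
    findings = []
    tacacs_first = methods[:2] == ["group", "tacacs+"]
    local_in_list = "enable" in methods
    if not tacacs_first:
        findings.append("tacacs-not-first")
    if tacacs_first and not local_in_list:
        findings.append("no-local-fallback")  # nothing to use if the ACS is unreachable
    if local_in_list and not (has_secret or has_password):
        findings.append("fallback-without-local-credential")
    if has_password and not has_secret:
        findings.append("enable-password-instead-of-secret")
    return findings

def audit_all(configs):
    """Audit every config in a {hostname: config_text} mapping."""
    return {host: audit_enable(cfg) for host, cfg in configs.items()}

if __name__ == "__main__":
    for host, findings in audit_all(SAMPLES).items():
        print(host, findings or "ok")
```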