I have the following config:
aaa authentication login default group tacacs+ line
aaa authentication login NO_AUTHEN none
aaa authentication enable default group tacacs+ enable
aaa authorization console
aaa authorization config-commands
aaa authorization commands 0 default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
With these settings, all users (including one used by Cisco Prime Network) are required to enter the enable password after logging in with their own credentials.
I'd like to have a setup where the Prime user is not required to enter the enable password.
I tried this, but all users access privileged mode immediately without enable:
aaa authentication login default group tacacs+ local
aaa authentication login CONSOLE local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local