02-14-2012 05:56 AM
Hello,
I've installed Cisco ACS 5.3. I then created several internal users (with a password and an enable password defined), Identity Groups, Access Policies, Network Devices and AAA Clients (e.g. Cisco 1841) for RADIUS, and configured my router like this:
...
aaa authentication login VTY group radius local-case
aaa authentication enable default group radius enable
....
Now I'm able to log in successfully using my internal user. But if I try to use enable to enter the enable level, I receive the message "% Error in authentication." when I use the defined enable password.
In the ACS logging I can see that "$enab15$" is missing.
If I set up a user named "$enab15" I can log in to the enable level, but what do I have to do to use the custom enable passwords?
Kind regards
Kai
=== Correct answer ===
Hello,
please see the attachment.
But I'm sure you will make it.
I've tested it with the following hardware:
Cisco Router:
600, 800, 1800, 1900, 2600, 2800, 2900, 3900, 4000, 7200, 7300 Series
Cisco Switches:
2900, 2950, 2960, 3550, 3560, 3750, 4500, 6500, Nexus 5500 Series
Cisco Unified Communication:
Call Manager Express, UC560
Hewlett-Packard Switches:
1700, 1800, 2500, 2600, 3500, 5400, 8100 (out of sale) Series
Yes, working in a datacenter is fine for testing
03-21-2012 11:17 AM
Hi Kai,
can you share the configurations for TACACS?
Thanks