ACS 5.3 userbased/custom enable passwords

Kai Onken
Level 1

Hello,

I've installed Cisco ACS 5.3 and created several internal users (with a password and an enable password defined), Identity Groups, Access Policies, Network Devices and AAA Clients (e.g. Cisco 1841) for RADIUS, and configured my router like this:

...
aaa authentication login VTY group radius local-case
aaa authentication enable default group radius enable
....

Now I'm able to log in successfully using my internal user. But if I try to use enable to enter the enable level, I receive the message "% Error in authentication." when I use the defined enable password.

In the ACS logging I can see that "$enab15$" is missing.

If I set up a user named "$enab15$" I can log in to the enable level, but what do I have to do to use the custom enable passwords?

Kind regards

Kai

=== Correct answer ===

Hello,

please see the attachment.

Steps 1.2 - 1.5 are required for both (RADIUS and TACACS). Then you have to switch to 2.1 - 2.7 for RADIUS or 3.1 - 3.7 for TACACS authentication.

The document shows you all the steps you have to take. The box on the right side shows in its headline "Required for". This should help you find out why this is configured and where you will need it in future steps, or "Provided by" should tell you where you have configured it.

But I'm sure, you will make it.

I've tested it with the following hardware:

Cisco Router:

600 ,800 ,1800 ,1900 ,2600 ,2800 ,2900, 3900, 4000, 7200 ,7300 Series

Cisco Switches:

2900, 2950, 2960, 3550, 3560, 3750, 4500, 6500, Nexus 5500 Series

Cisco Unified Communication:

Call Manager Express, UC560

Hewlett-Packard Switches:

1700, 1800, 2500, 2600, 3500, 5400, 8100 (out of sale) Series

Yes, working in a datacenter is fine for testing
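What the accepted answer's RADIUS/TACACS split comes down to on the router, as an added example by the editor (it is not the attachment, and not Kai's or the answerer's configuration): IOS has no per-user enable password over RADIUS. When a logged-in user types "enable", the router sends an Access-Request whose User-Name is "$enab15$" (more generally "$enab<level>$"), not the user's own name. That is why the ACS log reported that user as missing and why creating it made enable work, and it also means every admin shares that one account's password while the per-user Enable Password field in ACS is never consulted on this path. TACACS+ sends the real user name with the enable request, so ACS can check each user's own enable password. The server address 192.0.2.10, the shared secret, the method-list name "VTY", the local fallback account and the VTY lines below are assumed values; the ACS-side steps (GUI) are not shown.

```ios
! Added example (editor's), not from the thread or its attachment.
! Assumed values: ACS at 192.0.2.10, shared secret "S3cret!", method list "VTY".
! Options A and B are shown together only for comparison: a second definition of
! the same method list replaces the first, so configure one of them.
aaa new-model
!
! ---- Option A: RADIUS (what the original post uses) ----
! For "enable", IOS sends User-Name "$enab15$" (or "$enab<level>$"), never the
! logged-in user's name, so ACS needs an internal user with exactly that name
! whose password is the shared enable secret. Per-user enable passwords in ACS
! are not used on this path.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key S3cret!
aaa authentication login VTY group radius local-case
aaa authentication enable default group radius enable
!
! ---- Option B: TACACS+ (per-user enable passwords) ----
! The enable request carries the real user name, so ACS checks that user's
! own Enable Password. Exec authorization and command accounting are added
! because TACACS+ provides them per user as well.
tacacs-server host 192.0.2.10 key S3cret!
aaa authentication login VTY group tacacs+ local-case
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
! Local fallback, used only when no AAA server answers (not on a reject).
enable secret <local-fallback-secret>
username localadmin privilege 15 secret <local-fallback-password>
!
line vty 0 4
 login authentication VTY
 transport input ssh
```

Note the trailing "enable" keyword on the enable method list: IOS moves on to the next method only when the RADIUS or TACACS+ server does not respond, not when the server rejects the password, so an Access-Reject for "$enab15$" still produces "% Error in authentication." and the local enable secret is never tried. Keep that local secret configured for the outage case anyway, and before changing anything on the ACS side confirm which user name the router actually sends with "debug aaa authentication" and "debug radius" (or "debug tacacs").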

1 Reply

paullee
Level 1

Hi Kai,

can you share the configurations for TACACS? 

Thanks