
ACS and enable password for router from console

ciscoforum
Level 1

I am trying to use an ACS server to authenticate the login and enable passwords for users accessing the router.

Here is the router configuration:


username test password 0 cisco

aaa new-model

enable pass cisco

!

aaa group server tacacs+ cisco

server x.x.x.x

aaa authentication login test group tacacs+ local

aaa authentication enable default tacacs+ local

tacacs-server host x.x.x.x

tacacs-server directed-request

tacacs-server key cisco

line con 0

login authentication test

The use of a separate password under TACACS+ enable password works for the user privilege password, however the enable password didn't work. I ended up having to disable the ACS NIC to access the router's enable mode. Which field can I use for enable password auth in the ACS?

Thanks

2 Replies

ciscoforum
Level 1

Never mind. It turned out that the enable privilege was 0 by default. I changed it to 15. It works. Thanks. Btw, does anybody know how to use different passwords for user and enable mode in AAA for a router? Now it seems that I can only use one.

What are you trying to accomplish in having a different enable password?

With AAA and ACS you define individual user IDs and unique passwords per user. You also define in ACS on a user by user basis who has access to enable and who does not. The purpose of passwords is to prove that the correct person is at the keyboard. If a user logs in to user mode with the correct password and then enters the enable command, what advantage is there in requiring a different password?

HTH

Rick

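The method-list behaviour relevant to this thread, as an added example that is not part of any post: IOS tries the next method in an AAA list only when the current one gives no answer, and a reject from the server is final, which is consistent with the poster reaching enable mode only after taking the ACS offline. The function names and the three server-state labels are assumptions made for illustration.

```python
import re

# Constructed input: the thread's AAA lines, one command per line, typo corrected.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login test group tacacs+ local
aaa authentication enable default tacacs+ local
line con 0
 login authentication test
"""


def method_lists(config):
    """Return {(service, list_name): [methods]} for login/enable lists."""
    lists = {}
    for line in config.splitlines():
        m = re.match(r"\s*aaa authentication (login|enable) (\S+) (.+)", line)
        if m:
            # "group tacacs+" and the older bare "tacacs+" name the same method.
            lists[(m.group(1), m.group(2))] = [
                t for t in m.group(3).split() if t != "group"]
    return lists


def authenticate(methods, server_state, device_ok=True):
    """Walk a method list in order.

    server_state (assumed labels): "accept", "reject", or "down" (no reply).
    device_ok: whether the credential matches what is stored on the router.
    Returns (granted, deciding_method).
    """
    for method in methods:
        if method == "tacacs+":
            if server_state == "down":
                continue  # no answer: the only case where the next method is tried
            return (server_state == "accept", method)  # accept or reject is final
        # Simplification: every other method is answered by the router itself.
        return (device_ok, method)
    return (False, None)  # list exhausted without an answer


if __name__ == "__main__":
    enable = method_lists(SAMPLE_CONFIG)[("enable", "default")]
    for state in ("accept", "reject", "down"):
        print(state, authenticate(enable, state))
```

The `reject` case corresponds to the ACS being reachable while refusing the enable request, so the router's own password is never consulted; only `down` reaches it.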