How can I manage enable password through ACS

susim
Level 3

Hi all

I have a couple of users in ACS. Authentication on all the Cisco switches happens through ACS (local users in ACS), and the enable password is local on the switch.

Now for one user I want to manage the enable password through ACS.

Is it possible?

Thank you

6 Replies

Yes it is possible.

Create the user account on ACS and define the enable password for that user. Also create a shell-profile and make sure you define the privilege level. If you define 15 - 15 it will bypass enable mode, or you could do it 1 - 15.

HTH.

Hi Javier

I tried what you said, but it didn't work.

Am I missing something?

Other than this, do I need to add any commands on the switch?

Tushar Gaba
Cisco Employee

Hey,

If you need to control enable authentication through ACS, then we need to have this command on the switch:
aaa authentication enable default group tacacs enable

Once you have this command, it will be a global change for all the users. Now everybody who logs in to the switch will have to enter the enable password which is defined in ACS for them.

To make it short, you cannot limit the enable authentication feature to a particular user.

Thanks Tushar

What does default group mean in "aaa authentication enable default group tacacs enable"?

One more thing I would like to know:

In case TACACS is down, I need to log in locally. Is there anything to do for that?

Thanks

Hi

Please advise: is there any problem with using the below commands?

aaa authentication login default group tacacs+ enable

aaa authentication enable default group tacacs+ enable

aaa authorization console

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

Thanks
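
An added example, not part of the thread or any poster's code: a Python check that reads the AAA lines from the last post and reports, for each authentication and authorization method list, which method the switch falls back to when no TACACS+ server answers (the "TACACS down" case asked about above). The function names and the `THREAD_CONFIG` constant are hypothetical.

```python
import re

# Constructed sample: AAA lines copied from the last post in the thread.
THREAD_CONFIG = """\
aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa authorization console
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
"""

# Matches authentication/authorization method lists only; accounting lines
# and "aaa authorization console" are not method lists and are skipped.
LIST_RE = re.compile(
    r"^aaa\s+(authentication|authorization)\s+"
    r"(login|enable|exec|commands\s+\d+)\s+(\S+)\s+(.+)$"
)


def parse_method_lists(config):
    """Return {"<type> <service> <list-name>": [methods in configured order]}."""
    lists = {}
    for raw in config.splitlines():
        m = LIST_RE.match(raw.strip())
        if not m:
            continue
        kind, service, name, rest = m.groups()
        tokens, methods = rest.split(), []
        while tokens:
            tok = tokens.pop(0)
            # "group <name>" is a single method that points at AAA servers.
            if tok == "group" and tokens:
                tok = "group " + tokens.pop(0)
            methods.append(tok)
        lists[f"{kind} {' '.join(service.split())} {name}"] = methods
    return lists


def fallback_when_servers_down(config):
    """Map each list to its first non-server method, or None if it has none."""
    # IOS tries the next method only when the previous one returns an error
    # (no server answers), not when the server rejects the credentials.
    result = {}
    for key, methods in parse_method_lists(config).items():
        non_server = [m for m in methods if not m.startswith("group ")]
        result[key] = non_server[0] if non_server else None
    return result
```

A value of `None` marks a list that relies on the AAA servers alone, so nothing on the switch can answer for that service while they are unreachable.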