
Tacacs+ Enable password is not working on Cisco Switch

Ladies/Gents,

I am facing issues when enabling TACACS authentication on my Cisco switch: AAA login/password is working, AAA enable is not. Below are the details of my devices.

Cisco ACS 1121: version 5.1

Cisco Switch 3560: ios ver 15

I also attached here some documents for your review and comment (switch aaa configuration, debug aaa authentication, acs captured screen)

Hoping to receive an update and comment from you soon.

Thanks,

Arnold

7 REPLIES 7
Participant

Tacacs+ Enable password is not working on Cisco Switch

Hi,

The problem lies in the shell profile being assigned in the authorization section of the ACS configuration.

Access Policies --> Default Device Admin (or one you have created) --> Authorization --> look at the rule that matches.

The shell profile has to have maximum privilege set to 15 for this to work.

**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**

Please Rate if helpful.
Regards
Ed
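
What an `enable` request looks like to the TACACS+ server, as an added example that is not part of the thread: a parser for the authentication START body defined in RFC 8907, plus the maximum-privilege comparison described in the reply above. The user name, port and profile values are constructed, and the comparison rule is an assumption taken from that reply, not ACS code.

```python
import struct

# Field values from RFC 8907 (TACACS+ authentication START body).
ACTION_LOGIN = 0x01
AUTHEN_TYPE_ASCII = 0x01
SERVICES = {0x01: "LOGIN", 0x02: "ENABLE"}

def build_start(priv_lvl, service, user, port):
    """Build an unobfuscated START body (used here only to construct sample input)."""
    u, p = user.encode("ascii"), port.encode("ascii")
    fixed = struct.pack("!8B", ACTION_LOGIN, priv_lvl, AUTHEN_TYPE_ASCII,
                        service, len(u), len(p), 0, 0)
    return fixed + u + p

def parse_start(body):
    """Parse the 8-byte fixed part plus the user and port fields."""
    if len(body) < 8:
        raise ValueError("START body shorter than its 8-byte fixed part")
    action, priv, atype, svc, ulen, plen, rlen, dlen = struct.unpack("!8B", body[:8])
    if len(body) != 8 + ulen + plen + rlen + dlen:
        raise ValueError("length fields do not match the body size")
    user = body[8:8 + ulen].decode("ascii", "replace")
    port = body[8 + ulen:8 + ulen + plen].decode("ascii", "replace")
    return {"action": action, "priv_lvl": priv, "authen_type": atype,
            "service": SERVICES.get(svc, hex(svc)), "user": user, "port": port}

def enable_allowed(start, max_privilege):
    """Assumed server rule, taken from the reply above: accept an enable
    request only if the requested level is within the profile's maximum."""
    if start["service"] != "ENABLE":
        raise ValueError("not an enable request")
    return start["priv_lvl"] <= max_privilege

# Constructed sample: hypothetical user "netadmin" on "tty1" asking for level 15.
SAMPLE_ENABLE = build_start(15, 0x02, "netadmin", "tty1")

if __name__ == "__main__":
    req = parse_start(SAMPLE_ENABLE)
    print(req)
    for max_priv in (1, 15):  # hypothetical shell profiles
        print("max privilege", max_priv, "->", enable_allowed(req, max_priv))
```

On the wire the body is obfuscated with the shared key, so the fields are only visible in this form on the server side or after de-obfuscation.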


Re: Tacacs+ Enable password is not working on Cisco Switch

Hi Edward,

I created a new shell profile named "root", as the default one, "Permit Access", can't be accessed or modified. Below are the steps I've taken.

1. Created a new shell profile named "root" with a max privilege of 15, and then used it as the shell profile in "Default Device Admin/Authorization/Rule-1" - see the attached file for more details.

2. Telnetted to the switch and then issued "debug aaa authentication" with both "Root Shell" and "Permit Access" applied in the Rule-1 profile.

Note:
I also attached here the captured screen and debug result for the "shell profiles"

Re: Tacacs+ Enable password is not working on Cisco Switch

Further, there's also some discussion that seems related to this issue, but it's using ACS version 4.2:

https://learningnetwork.cisco.com/thread/35151?start=0&tstart=0

Cisco Employee

Are you still facing issue with the enable password authentication?

 

Regards,

Jatin

** Do rate helpful posts**

~Jatin Katyal

Tacacs+ Enable password is not working on Cisco Switch

Arnold,

Did you edit the service selection rules?

Labminutes has some really good videos for configuring ACS. It will walk you through exactly what you're trying to do.

http://labminutes.com/video/sec/ACS

Enthusiast

Re: Tacacs+ Enable password is not working on Cisco Switch

Please have a look at this document for steps to configure TACACS authentication:

https://supportforums.cisco.com/docs/DOC-8572

Participant

Tacacs+ Enable password is not working on Cisco Switch