Hello all,
Hope you are safe & secure in this pandemic.
I would like to know if there is any way we can bypass enable mode after configuring tacacs+.
I will try to explain in details, I have configured tacacs+ on my switches and configuration is working fine and all switches are authenticating properly until one of the switches now requesting for enable password.
NOTE: BELOW CONFIG IS AFTER IMPLEMENTING TACACS+ AND NOW I'M NOT ABLE TO GET TO ENABLE MODE. BEFORE IMPLEMENTING TACACS+ IT WASNT ASKING FOR ENABLE PASSWORD BUT NOW IT IS ASKING.
Hostname: $(hostname)
*********************************WARNING************************************
* Access to this system is strictly restricted to authorised persons *
* Any violation is prohibited and will be prosecuted *
****************************************************************************
Using keyboard-interactive authentication.
Password:
Welcome to mllswr01
mllswr01>en
Password:
% Access denied
mllswr01>enable
Password:
% Access denied
mllswr01>enable
Password:
% Access denied
mllswr01>
mllswr01>
Below is my tacacs+ config
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated
aaa accounting commands 15 default start-stop group tacacs+
tacacs-server host 10.XX.XX.XX
tacacs-server directed-request
tacacs-server key testkey123
So as this switch is not accessible physically as we dont have anyone available to reboot the switch, without reboot is there any way I can get to enable mode so that I can remove my tacacs+ config.