Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1361
Views
2
Helpful
3
Replies

cannot get past the enable mode in Cisco 9800

atifali.zaidi1
Level 1
Level 1

‎01-02-2024 02:17 AM

initially i did the base configuration for the new 9800 and added the below commands, the wlc is running 17.9.4a

line vty 0 15
privilege level 15
transport input ssh

and a username and password and enable secret password as well which is pretty simple and then as a prt of hardening and applying management configuration i had configured "no enable password" on the controller and since then i can initially login using tacacs with my username and password but then i am being presented with a enable prompt which is pretty strange and now i am stuck over there.  it does not accept my tacacs password and not even the initial password which was configured before.  any help will be deeply appreciated.

0 Helpful
3 Replies 3

marce1000
VIP
VIP

‎01-02-2024 02:31 AM

 

   - SSH configuration contains : ...privilege level 15 ; I can't see this adding to security anyway :
  ref : https://www.ciscopress.com/articles/article.asp?p=3145772&seqNum=5

  >...

To use the TACACS+ server for CLI authentication, add your method in the VTY configuration (it is also configurable under Administration > Management>HTTP/HTTPS/Netconf/VTY in the WebUI after 17.6):

9800(config)#line vty 0 15
9800(config-line)#login authentication <aaa login method name>
9800(config-line)#authorization exec <aaa exec method name>

                 Check the document for complete info's

 M. 



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Ruben Cocheno
Spotlight
Spotlight

‎01-02-2024 07:49 AM

@atifali.zaidi1 

Great guide that covers your needs

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/214490-configure-radius-and-tacacs-for-gui-and.html

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/

atifali.zaidi1
Level 1
Level 1
In response to Ruben Cocheno

‎02-02-2024 04:54 AM

the issue was on the ISE side as it was not pushing priv 15 access , it got fixed

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card