

The issue of logging in to enable mode via TACACS+ credentials is resolved as per your advice, as I have found that as soon as I configure ACS User Setup -> Advanced TACACS+ Settings -> Max Privilege for any AAA Client -> 15 instead of “Use Group Level Setting” (which is privilege 15 anyway), I can log in to the firewall enable mode via TACACS+ successfully.

username password privilege 15
enable password
aaa-server TACACS+ (inside) host timeout 10
aaa authentication http console TACACS+ LOCAL
aaa authentication ssh console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL

Also, the ASA is not falling back to the local enable password either.
Also, I can successfully run "test aaa authentication TACACS+ username abc password password1".
From the same ACS, TACACS works for both user mode and enable mode for routers/switches.

I am configuring the ASA 8.4 with TACACS with the CLI configuration below. I can only log in successfully to the user mode of the ASA via TACACS, but I am unable to get to the enable mode of the ASA via TACACS.
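An added example, not part of the original posts: a small Python review script for the ASA side of the configuration quoted in this thread. It checks that each "aaa authentication ... console" line points at a defined server group, has a LOCAL fallback with a local privilege 15 user behind it, and that enable mode is covered. The function name, the checks chosen and the sample values are assumptions for illustration; the ACS-side Max Privilege setting that resolved the issue is not visible in the ASA configuration and is not checked.

```python
import re

# Constructed sample shaped like the configuration quoted in this thread; the
# user name, secrets and server address are placeholders, not values from the post.
SAMPLE_CONFIG = """\
username admin password PLACEHOLDER privilege 15
enable password PLACEHOLDER
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (inside) host 192.0.2.10
aaa authentication http console TACACS+ LOCAL
aaa authentication ssh console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
"""

AAA_AUTH = re.compile(r"^aaa authentication (\S+) console (\S+)(?: (LOCAL))?$")
LOCAL_PRIV15 = re.compile(r"^username \S+ password .*\bprivilege 15$")


def audit_asa_aaa(config: str) -> list[str]:
    """Return review findings for the 'aaa authentication' lines of an ASA config."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    groups = {ln.split()[1] for ln in lines if ln.startswith("aaa-server ")}
    has_priv15 = any(LOCAL_PRIV15.match(ln) for ln in lines)
    findings, services = [], set()
    for ln in lines:
        m = AAA_AUTH.match(ln)
        if not m:
            continue
        service, group, fallback = m.group(1), m.group(2), m.group(3) == "LOCAL"
        services.add(service)
        if group != "LOCAL" and group not in groups:
            findings.append(f"{service}: server group {group} has no aaa-server definition")
        if group != "LOCAL" and not fallback:
            findings.append(f"{service}: no LOCAL fallback when {group} is unreachable")
        if (group == "LOCAL" or fallback) and not has_priv15:
            findings.append(f"{service}: LOCAL is used but no local privilege 15 user exists")
    if "enable" not in services:
        findings.append("enable: no 'aaa authentication enable console' line, "
                        "enable mode is not checked against the AAA server")
    return findings


if __name__ == "__main__":
    for finding in audit_asa_aaa(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```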
