IB-EN1
1 Nickel

Disable "enable" login with TACACS

Hello,

Switch Model - PowerConnect 6248P

I am trying to login with TACACS.

after entering username and password I was asked to put "ENABLE" password.

how can i disable this request ? and only use username and password (TACACS).

thanks,

IB.

Tags (1)
0 Kudos
6 Replies
Moderator
Moderator

RE: Disable "enable" login with TACACS

Hi,

Try to change the aaa authentication enable setting, page 193 of the CLI guide. ftp://ftp.dell.com/Manuals/all-products/esuprt_ser_stor_net/esuprt_powerconnect/powerconnect-6248_Re...

This should allow you to set tacacs as the method for elevated privileges instead of having a separate enable password. You may also need to disable the need for an enable password with the command no enable authentication.

Thanks,
Josh Craig
Dell EMC Enterprise Support Services
Get support on Twitter @DellCaresPRO
0 Kudos
Highlighted
IB-EN1
1 Nickel

RE: Disable "enable" login with TACACS

Hi,

I am still getting enable prompt when i try connect via telnet.

also i trying delete "no enable authentication NoneEN" on line telnet - but after username + password i am still getting the > enable promt

attached configuration :

#### SW-NET-A ###
User:tacacs
Password:***********
SW-A1>enable
Password:

SW-A1#

line telnet

exec-timeout 5
login authentication LoginProf
enable authentication NoneEN
exit

aaa authentication login "LoginProf" tacacs local

aaa authentication enable "NoneEN" enable

no enable password

 thanks,

IB

0 Kudos
Moderator
Moderator

RE: Disable "enable" login with TACACS

aaa authentication enable "NoneEN" enable

is enabling the enable password

Try

no aaa authentication enable "NoneEN"

or

aaa authentication "tacacs" tacacs

Thanks,
Josh Craig
Dell EMC Enterprise Support Services
Get support on Twitter @DellCaresPRO
0 Kudos
Ramesh Babu A
1 Copper

RE: Disable "enable" login with TACACS

Dear Team,

I am tried following config, but no luck, hence could you please suggest me. Its very urgent to enable TACAC to my device. Hence kindly do the needful.

aaa authentication login "networkList" tacacs local


ip http authentication tacacs local
ip https authentication tacacs local


tacacs-server host 10.xx.x.5

timeout 1

key "cxxxrp"
priority 20
exit


tacacs-server host 10.xx.2.5
timeout 1
key "cxxxrp"
priority 10
exit


tacacs-server key "cxxxrp"
ip ssh server
ip ssh pubkey-auth

0 Kudos
Pragatheesh
1 Copper

RE: Disable "enable" login with TACACS

Hi Ramesh,

Please try the following and let me know if it works for you.

switch(config)#aaa authentication enable enablelist none

switch(config)#aaa authentication login loginlist tacacs local

The above are the login and enable lists, now please apply them to the line as below

switch(config)#line ssh

switch(config-line)#login authentication loginlist

switch(config-line)#enable authentication enablelist

Authentication methods are now created and applied to the virtual terminal line. Please initiate a separate ssh connection and try login with your tacacs credentials.

NOTE:- Before successful testing, please do not close the existing terminal session. Closing the active session may lead to a complete login lockdown.

Kind regards,

Praga

tonyhess
1 Nickel

Re: Disable "enable" login with TACACS

This is very simple. If you want no password on the enable prompt set it to none.

 

aaa authentication enable default none

 

the above command sets enable authentication to none.

 

So your two commands for tacacs would be..

 


aaa authentication enable default none
aaa authentication login default tacacs+ local

0 Kudos