Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

IE

IB-EN1

13 Posts

51084

February 10th, 2014 01:00

Disable "enable" login with TACACS

Hello,

Switch Model - PowerConnect 6248P

I am trying to login with TACACS.

after entering username and password I was asked to put "ENABLE" password.

how can i disable this request ? and only use username and password (TACACS).

thanks,

IB.

DELL-Josh Cr

Moderator

 • 

8.5K Posts

February 10th, 2014 07:00

Hi,

Try to change the aaa authentication enable setting, page 193 of the CLI guide. ftp://ftp.dell.com/Manuals/all-products/esuprt_ser_stor_net/esuprt_powerconnect/powerconnect-6248_Reference%20Guide_en-us.pdf

This should allow you to set tacacs as the method for elevated privileges instead of having a separate enable password. You may also need to disable the need for an enable password with the command no enable authentication.

IB-EN1

13 Posts

February 11th, 2014 03:00

Hi,

I am still getting enable prompt when i try connect via telnet.

also i trying delete "no enable authentication NoneEN" on line telnet - but after username + password i am still getting the > enable promt

attached configuration :

#### SW-NET-A ###
User:tacacs
Password:***********
SW-A1>enable
Password:

SW-A1#

line telnet

exec-timeout 5
login authentication LoginProf
enable authentication NoneEN
exit

aaa authentication login "LoginProf" tacacs local

aaa authentication enable "NoneEN" enable

no enable password

 thanks,

IB

DELL-Josh Cr

Moderator

 • 

8.5K Posts

February 11th, 2014 07:00

aaa authentication enable "NoneEN" enable

is enabling the enable password

Try

no aaa authentication enable "NoneEN"

or

aaa authentication "tacacs" tacacs

Ramesh Babu A

1 Message

October 1st, 2017 20:00

Dear Team,

I am tried following config, but no luck, hence could you please suggest me. Its very urgent to enable TACAC to my device. Hence kindly do the needful.

aaa authentication login "networkList" tacacs local


ip http authentication tacacs local
ip https authentication tacacs local


tacacs-server host 10.xx.x.5

timeout 1

key "cxxxrp"
priority 20
exit


tacacs-server host 10.xx.2.5
timeout 1
key "cxxxrp"
priority 10
exit


tacacs-server key "cxxxrp"
ip ssh server
ip ssh pubkey-auth

Pragatheesh

1 Message

November 10th, 2017 04:00

Hi Ramesh,

Please try the following and let me know if it works for you.

switch(config)#aaa authentication enable enablelist none

switch(config)#aaa authentication login loginlist tacacs local

The above are the login and enable lists, now please apply them to the line as below

switch(config)#line ssh

switch(config-line)#login authentication loginlist

switch(config-line)#enable authentication enablelist

Authentication methods are now created and applied to the virtual terminal line. Please initiate a separate ssh connection and try login with your tacacs credentials.

NOTE:- Before successful testing, please do not close the existing terminal session. Closing the active session may lead to a complete login lockdown.

Kind regards,

Praga

tonyhess

5 Posts

January 17th, 2019 07:00

This is very simple. If you want no password on the enable prompt set it to none.

 

aaa authentication enable default none

 

the above command sets enable authentication to none.

 

So your two commands for tacacs would be..

 


aaa authentication enable default none
aaa authentication login default tacacs+ local

View More

View All

No Events found!

Top