Regular Contributor I

ClearPass TACACS Local User Enable Password?

We are currently working on a migration from Cisco ACS to ClearPass for network device access via TACACS.

In the old ACS server we have some local accounts which need to be migrated to ClearPass. The issue is that ACS provides a user password and an enable password for each user. I don't see any option to set up an enable password for a local user in ClearPass. Is there any way to support this?

If not, it looks like our only option is to update ACS so that both user and enable password are the same, and put that into the local user DB in ClearPass.

-------------------
ACDX, ACCP, CISSP, CWNA
Guru Elite

Re: ClearPass TACACS Local User Enable Password?

You can use two different user accounts for login vs enable but two passwords can’t be stored with a single user.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor I

Re: ClearPass TACACS Local User Enable Password?

The problem is I don't think IOS lets you log in as one user and elevate your privilege with enable using a different username? Either way, I can't impose that change on the IOS team.

Looks like I will have to sync the enable and user password in ACS. Thanks for the reply.

-------------------
ACDX, ACCP, CISSP, CWNA

Re: ClearPass TACACS Local User Enable Password?

If that is acceptable in your case, you can bypass the enable password. Users logging in will get into enable mode right away, so there is no need to enter the additional enable password.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).