Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

HP TACACS+ with ClearPass

  • 1.  HP TACACS+ with ClearPass

    Posted Apr 29, 2015 04:30 PM

    I'm setting up TACACS+ with HP ProCurve switches and it's working just fine; however, we are looking for a way to send the privilege level and bypass having to enter an enable password.

     

    We are able to send the privilege level, no problem. I've been unable to find a way to send a command back or a way to perform the enable bypass.

     

    Thank you for your help

    Andy Clelland

    Structured Communication Systems, Inc. 



  • 2.  RE: HP TACACS+ with ClearPass

    EMPLOYEE
    Posted Apr 29, 2015 04:32 PM

    Do you have "shell priv-lvl 15"?



  • 3.  RE: HP TACACS+ with ClearPass

    Posted Apr 29, 2015 05:14 PM
    I do; however, the enable password is still required. There is a Manager user configured, but if we remove that, you still have to type in enable to get to the enable mode. We are looking to pass that on and, if you are given privilege level 15, just go directly into enable mode.

    Regards,
    Andy Clelland
    ACMP, ACCP
    Structured Communication Systems, Inc


  • 4.  RE: HP TACACS+ with ClearPass

    EMPLOYEE
    Posted Apr 29, 2015 05:20 PM
    Can you post your HP tacacs config?


    Thanks,
    Tim


  • 5.  RE: HP TACACS+ with ClearPass

    Posted May 01, 2015 01:50 PM

    I'll post the config a little later today.

     

    I may have found what I'm looking for. Has anyone tried this?

    Creating a Named List for the Enable Mode Authentication

    To create a named list for the enable mode, you must determine the authentication methods you want to use and the order in which you want the authentication methods applied. From the global configuration mode context, enter:

    Syntax: aaa authentication enable default {none | line | enable | [group <groupname> | radius | tacacs+]} 

     

    Regards,

    Andy Clelland

    Structured Communications