Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Can I make account-specific enable passwords?

This thread has been viewed 1 times

  • 1.  Can I make account-specific enable passwords?

    Posted Jun 10, 2015 03:21 PM

    Hi Folks-

     

    This might be painfully obvious but so far I haven't found what I'm looking for...

     

    Is it possible to have an enable password that works only with a specific account? For example, I have an account called 'foo' that has the role of 'root'. When foo logs onto the controller, is there some way to set an enable password that works for foo and only foo?

     

    Thanks in advance.

     

    -Chris



  • 2.  RE: Can I make account-specific enable passwords?
    Best Answer

    EMPLOYEE
    Posted Jun 10, 2015 03:23 PM

    No, you cannot. The enable secret is global.

     

    You can however bypass enable for all users and use something like TACACS+ to control access.

    enable bypass


  • 3.  RE: Can I make account-specific enable passwords?

    Posted Jun 10, 2015 03:49 PM

    Thanks, Tim. That's the answer.

     

    Bummer though... the reason I needed it was to avoid having to edit a bunch of scripts. Bypassing enable won't work for us (well it would, but we'd rather not).

     

    <opens_editor_begins_editing_scripts/>

     

    :(



  • 4.  RE: Can I make account-specific enable passwords?

    EMPLOYEE
    Posted Jun 10, 2015 03:53 PM

    There are very few commands in non-enable mode. Most commands you'd typically find on Cisco, Juniper, etc in non-enable mode are in privileged mode on an Aruba controller or switch. That's why enable bypass was added.