Wireless Access

Reply
cw
New Contributor

Can I make account-specific enable passwords?

Hi Folks-

 

This might be painfully obvious but so far I haven't found what I'm looking for...

 

Is it possible to have an enable password that works only with a specific account? For example, I have an account called 'foo' that has the role of 'root'. When foo logs onto the controller, is there some way to set an enable password that works for foo and only foo?

 

Thanks in advance.

 

-Chris

Guru Elite

Re: Can I make account-specific enable passwords?

No, you cannot. The enable secret is global.

 

You can however bypass enable for all users and use something like TACACS+ to control access.

enable bypass

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
cw
New Contributor

Re: Can I make account-specific enable passwords?

Thanks, Tim. That's the answer.

 

Bummer though... the reason I needed it was to avoid having to edit a bunch of scripts. Bypassing enable won't work for us (well it would, but we'd rather not).

 

<opens_editor_begins_editing_scripts/>

 

:(

Guru Elite

Re: Can I make account-specific enable passwords?

There are very few commands in non-enable mode. Most commands you'd typically find on Cisco, Juniper, etc in non-enable mode are in privileged mode on an Aruba controller or switch. That's why enable bypass was added.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: