In Cisco ACS/ISE, enable password is configured other the local username. Its simply a option there.
In Clearpass 6.7 (which i have in my lab) we have to create 2 authentication sources (if we want enable and user password to be different). Need to ask if its changed for the better in 6.9? or we have to follow the exact some workflow?
I am currently doing a PoC and customer is surprised as to why this is not possible with Clearpass
It is not possible to enter two passwords for an internal user in 6.9, so you can achieve the goal with two authentication sources (and two separate services) as you mentioned.
We see most customers moving away from the additional enable password as the end-user experience is poor (why enter 2 passwords) and it is not supported an all equipment which makes it hard to implement the same access procedure everywhere.
Please share your thoughts on this with your local Aruba SE, here, and/or open an Innovation Zone request.
Well, if it is this kind of customer, there is only one option. go to the next customer who is open for a discussion with someone who knows what to do.
I know it is hard, but to be honest, if you are in such a customer situation, why should this customer ever buy something different then cisco so your valuable time is wasted.
Nevertheless, I hope you are able to convince the customer and show him the benefits of ClearPass in comparison to competitive products.
just my 2cents
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.