Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass TACACS Local User Enable Password?

  • 1.  ClearPass TACACS Local User Enable Password?

    Posted Feb 27, 2018 02:48 PM

    We are currently working on a migration from Cisco ACS to ClearPass for network device access via TACACS.

     

    In the old ACS server we have some local accounts which need to be migrated to ClearPass. The issue is that ACS provides a user password and an enable password for each user. I don't see any option to set up an enable password for a local user in ClearPass. Is there any way to support this?

     

    If not it looks like our only option is to update ACS so that both user and enable password are the same, and put that into the local user DB in ClearPass. 



  • 2.  RE: ClearPass TACACS Local User Enable Password?
    Best Answer

    EMPLOYEE
    Posted Feb 27, 2018 03:02 PM
    You can use two different user accounts for login vs enable but two passwords can’t be stored with a single user.


  • 3.  RE: ClearPass TACACS Local User Enable Password?

    Posted Feb 27, 2018 03:14 PM

    The problem is I don't think IOS lets you log in as one user and elevate your privilege with enable using a different username? Either way, I can't impose that change on the IOS team.

     

    Looks like I will have to sync the enable and user password in ACS. Thanks for the reply.



  • 4.  RE: ClearPass TACACS Local User Enable Password?

    EMPLOYEE
    Posted Feb 28, 2018 07:22 AM

    If that is acceptable in your case, you can bypass the enable password. Users logging in will get into enable mode right away, so there is no need to enter the additional enable password.