> OK I've done my studying and am ready to implement this. All I want to do > (for now) is have the enable password pulled from tacacs+. Sounds simple > enough...but every example I find has all this authorization stuff in it > that I don't want. It looks like all I need is this: > > > (in tac_plus.conf): > > key = "yourkeyhere" > > user = $enab15$ { > password = cleartext "password here" > } > > ---------------------- > > (on each router): > > aaa new-model > aaa authentication login default tacacs+ (by the way..cisco.com has default > group tacacs+ but this doesn't work for me) > aaa authentication login NO_AUTHENT none (for the console to not draw from > tacacs+) > ! > ip tacacs source-interface Ethernet0 (just do this for each interface > needed? Or do I need this?) > ! > tacacs-server host 10.1.1.3 key insertkeyhere > ! > line con 0 > login authentication NO_AUTHENT > > ---------------------- > > Am I missing anything? The last resort command seemed to only apply to > tacacs & not to tacacs+. Any way to do this? > > Allen May > > One more thing...how do you get DES passwords generated if you want to DES > encrypt the enable password? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=10413&t=10413 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]