> OK I've done my studying and am ready to implement this. All I want to do
> (for now) is have the enable password pulled from tacacs+. Sounds simple
> enough...but every example I find has all this authorization stuff in it
> that I don't want. It looks like all I need is this:
>
>
> (in tac_plus.conf):
>
> key = "yourkeyhere"
>
> user = $enab15$ {
> password = cleartext "password here"
> }
>
> ----------------------
>
> (on each router):
>
> aaa new-model
> aaa authentication login default tacacs+ (by the way..cisco.com has
default
> group tacacs+ but this doesn't work for me)
> aaa authentication login NO_AUTHENT none (for the console to not draw from
> tacacs+)
> !
> ip tacacs source-interface Ethernet0 (just do this for each interface
> needed? Or do I need this?)
> !
> tacacs-server host 10.1.1.3 key insertkeyhere
> !
> line con 0
> login authentication NO_AUTHENT
>
> ----------------------
>
> Am I missing anything? The last resort command seemed to only apply to
> tacacs & not to tacacs+. Any way to do this?
>
> Allen May
>
> One more thing...how do you get DES passwords generated if you want to DES
> encrypt the enable password?
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=10413&t=10413
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
