CatOS AAA

oddyager

Diamond Member
May 21, 2005
3,398
0
76
I have a 6509 running CatOS (upgrading to IOS is not an option, unfortunately) and I cannot get local enable to work. I have an ACS server doing TACACS and what I want to do is have the server handle authentication and authorization (that works fine) and, when the server fails, allow local authentication and then prompt for the enable password. I can get local authentication to work fine but when I do enable, it comes back with an error indicating TACACS server not found, so it looks like it is still hitting the server for enable commands. Anyone running CatOS and AAA who can hit me up with their config for it? :)

This is what I have set:


set authentication login tacacs enable all primary
set authentication enable tacacs enable all primary
set authentication enable local enable all
set authentication login local enable all
set author exec enable tacacs if-authen both
set author enable enable tacacs if-authen both
 

oddyager

Never mind. It works. I was getting this:


TACACS: Unable to contact Server
Trying Local Login Authentication
Username: testadmin

Password:
TEST-CORE01> en
TACACS: Unable to contact Server
Trying Local Enable Authentication

Username:



and immediately assumed it wasn't working because of the username prompt, but I didn't read the "Local Enable" on there. So I did the username and typed in the ENABLE password and I'm in. I don't know why it prompts for my username a second time after the initial authentication.
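
An added example, not part of either post above: a small Python audit that reads the `set authentication` lines from the first post and reports, for the login and enable stages separately, whether TACACS is the enabled primary method and whether a local fallback is configured. The function names are hypothetical, and the check ignores the scope keyword (`all`), which is a simplification.

```python
import re

# The six lines from the first post, copied from the page.
CONFIG = """\
set authentication login tacacs enable all primary
set authentication enable tacacs enable all primary
set authentication enable local enable all
set authentication login local enable all
set author exec enable tacacs if-authen both
set author enable enable tacacs if-authen both
"""

# set authentication <stage> <method> <enable|disable> <scope> [primary]
AUTH_RE = re.compile(
    r"^set authentication (login|enable) (\S+) (enable|disable)\s+(\S+)(\s+primary)?\s*$"
)

def parse_auth(config):
    """Return {stage: {method: {"on": bool, "primary": bool}}}."""
    table = {}
    for line in config.splitlines():
        m = AUTH_RE.match(line.strip())
        if not m:
            continue  # authorization ("set author ...") and other lines are skipped
        stage, method, state, _scope, primary = m.groups()
        table.setdefault(stage, {})[method] = {
            "on": state == "enable",
            "primary": bool(primary),
        }
    return table

def audit(config):
    """List the stages that lack a primary TACACS method or a local fallback."""
    findings = []
    table = parse_auth(config)
    for stage in ("login", "enable"):
        methods = table.get(stage, {})
        tacacs = methods.get("tacacs", {})
        local = methods.get("local", {})
        if not (tacacs.get("on") and tacacs.get("primary")):
            findings.append(f"{stage}: tacacs is not the enabled primary method")
        if not local.get("on"):
            findings.append(f"{stage}: no local fallback configured")
    return findings

if __name__ == "__main__":
    print(audit(CONFIG) or "login and enable both have tacacs primary with local fallback")
```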