I want to clarify here, that the enable mode password is unique and not the same as the RADIUS or any other external authentication. Enable mode password is created during the initial setup of the device and is uniquely set on the device, not through RADIUS.
"Set a unique enable password, different from that of the built-in admin account.
The enable password should be stronger than the primary admin password and be shared among only a few admins, on a need-to-know basis."
See:
Content Analysis Security Best Practices
https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/content-analysis/3-0/solution_initial_configuration/security_bestpractice.html
Original Message:
Sent: Jan 22, 2024 11:26 AM
From: DK_Network_Secu
Subject: Radius authentication for mamanagement users
Hi
I got a '% Bad pawword" message.
I use the same password as for the first login
Original Message:
Sent: Jan 18, 2024 07:01 AM
From: Klaus Klinge
Subject: Radius authentication for mamanagement users
Hi,
what happens, when you enter your user`managment-password again, when you enter the ena mode?
So:
admin = 1 Password
ena = 1 different Password
User = User Password
ena = same User Password
Original Message:
Sent: Jan 11, 2024 11:24 AM
From: DK_Network_Secu
Subject: Radius authentication for mamanagement users
Hi
We are authenticating our management users with Radius,
It works fine until one tries to enter Enable mode.
Works fine on ProxySG, also in Enable mode.
We use Cisco ISE version 3
Am i missing something in the ISE server config?
R. Denis Vincent