Ansible with Cisco IOS and two steps authentication (Tacacs)

Uni

unread,

Mar 8, 2016, 10:59:30 AM3/8/16

to Ansible Project

Hi guys

I am totally new to Ansible. Could anyone of you please point me to an example on how to use Ansible with two steps authentication? Our network devices access in controlled by Tacas+ and we have to authenticate to get access and then use "enable x" to get to the access level that we need. This command also requires authentication How is this handled in Ansible?

pspr...@ansible.com

unread,

Mar 8, 2016, 7:32:20 PM3/8/16

to Ansible Project

You can use the following arguments to any of the IOS modules:

authorize: yes

auth_pass: <your enable password.

Uni

unread,

Mar 9, 2016, 5:46:01 AM3/9/16

to Ansible Project

Would that work when I send "enable 7" instead of "enable" ?

How do I make Ansible use "enable 7" for authoirzation?

Christer Hemgren

unread,

Jan 5, 2017, 8:18:22 PM1/5/17

to Ansible Project

Hi Uni

You can use your tacacs to not need "enable 7" as I do not think the module support it.

Meaning when user x enter only standard enable and authorize by tacacs return enable privilage level 7.

See http://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13860-PRIV.html

Christer

Reply all

Reply to author

Forward