Q: "Before that post, had you tried the N series RADIUS instructions here?"
A: Yes, those are actual instructions that I used to setup RADIUS. I had that page open on a tab as I type this already. When I setup the authentication list, and apply that list to the line as outlined in the post, I get authentication failed trying either the local enable password or trying to use the radius password…neither will work at that point.
Q: "So, do you actually see any auth traffic passed to the Duo authentication proxy when you try elevate to the enable prompt?"
A: I have just really starting using the duo proxy so I will need to read and figure out how to look at how to look at the traffic coming to the proxy.
Q: "Have you tried turning on the authentication proxy’s debug logging to get more info about the auth requests?"
A: I have not. I did not know this feature existed but it makes sense that it wold be there. I will try to figure that out as well.
Q: "What username does the enable command send - yours or a generic one (like the enab15 user mentioned in the article the Dell tech recommended to you)?"
A: The only local user that is on the switch is the user admin and this has the enable password set to it. I have tried to create the enable user as outlined in that article but authentication fails.
Q: "Do you mean you want to automatically be in privileged mode as soon as you login? The Dell tech who responded to you said…"
A: Yes, that is what I am trying to accomplish.
Q: "Which implies you have to actually issue the enable command on the switch, but it sounds like you expect Duo to issue this command for you somehow?"
A: I am just trying to not have to type the local enable password to get into privileged mode. After 2FA is successful that is all the authentication that one would need. Whether it be Duo or the switch itself that issues the command doesn’t matter to me as long as it works. Thanks for your help!