topic Re: Cannot sh run or ls in Network Access Control

Cannot sh run or ls

linda — Sun, 10 Mar 2019 23:40:38 GMT

Hi,

Fairly new to ACS. Our 4.2 has been working fine until about 2 weeks ago. I have an account as part of the admin group, that group is set to lvl15 priv. When I telnet into any of our routers or linux servers, we can log in, but once we issue a sh run on routers or ls on ix boxes the session freezes. It appears to be anything related to listing etc. I can get into exec mode on our routers, those that are not part of any aaa, same problem, can't sh run

Re: Cannot sh run or ls

Jatin Katyal — Tue, 08 Sep 2009 11:13:17 GMT

Hi,

As stated that when you execute "SH RUN" the session freezes. Does it shows the o/p after sometime or it gives any error message.

Also, do you have command authorization configured on router/ACS?

Please check the shared profile component >> shell command authorization set. Also check go to admin group and check the tacacs+ settings.

From one of your device in question, please send the output of the below listed command

"sh run | in aaa"

HTH

Regards,

Re: Cannot sh run or ls

linda — Tue, 08 Sep 2009 13:22:28 GMT

Hi, JK,

I tried what you suggested, but no luck. The odd thing is the router I am telnet to is not AAA enabled,

Password:

golr_middelburg>en

Password:

golr_middelburg#sh run | in aaa

no aaa new-model

golr_middelburg#sh run

Building configuration...

and that is where is stays for a long time until it disconnects. I created a new account and put it in the default group, it did not make a difference. The new account also have lvl15 priv. However I can RDP fine to servers, it's just when you seem to pass output from telnet like ls or sh run...

Sincerely

Re: Cannot sh run or ls

Jagdeep Gambhir — Tue, 08 Sep 2009 14:56:35 GMT

Hi,

Do you have any policy map configured on the router, that can cause session to freeze.

Regards,

~JG

Re: Cannot sh run or ls

linda — Tue, 08 Sep 2009 15:11:28 GMT

Hi, no. The odd thing is i can RDP into a terminal server and when i telnet from the subnet the terminal server is on, it works perfectly. It's just when i telnet from the IP the ASA allocates when you connect with a VPN. It worked fine up until a week ago..