Solved: Maglev cli

KevinR99 · ‎11-05-2022

Hi

Has anything changed with DNAC and maglev commands? I’ve not logged into the cli on our DNAC for some time and we have had several updates since. We are at the latest version currently. Yesterday I had an issue and wanted to run a tcpdump. So I looked at my notes and got the commands

sudo tcpdump ……..

When I tried this it was an unrecognised command. I’m certain I’ve run tcpdump before from the maglev cli.

Thanks, Kev

willwetherman · ‎11-07-2022

This will be caused by the restricted shell feature that is enabled by default in the later versions of DNA Center

When you SSH to maglev, you need to enter command '_shell' to enter the bash shell to be able to run commands such as tcpdump.

You can disable and re-enable the restricted shell feature if required

To disable

_shell -c 'sudo magctl ssh shell bash'

To re-enable

_shell -c 'sudo magctl ssh shell magshell'

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-3-3/admin_guide/b_cisco_dna_center_admin_guide_2_3_3/b_cisco_dna_center_admin_guide_2_3_3_chapter_010.html#Cisco_Task_in_List_GUI.dita_54088...

View solution in original post

marce1000 · ‎11-05-2022

- If possible search for the command with Linux find , it may not be included in the PATH of the current user.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

willwetherman · ‎11-07-2022

This will be caused by the restricted shell feature that is enabled by default in the later versions of DNA Center

When you SSH to maglev, you need to enter command '_shell' to enter the bash shell to be able to run commands such as tcpdump.

You can disable and re-enable the restricted shell feature if required

To disable

_shell -c 'sudo magctl ssh shell bash'

To re-enable

_shell -c 'sudo magctl ssh shell magshell'

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-3-3/admin_guide/b_cisco_dna_center_admin_guide_2_3_3/b_cisco_dna_center_admin_guide_2_3_3_chapter_010.html#Cisco_Task_in_List_GUI.dita_54088...

Martin Grimm · ‎07-17-2023

I was a little fast and typed only:
_shell

Now DNAC want to know the Challenge / Response Token. How can a clear that state?

$ _shell -c 'sudo magctl ssh shell magshell' 

A challenge is already in progress with state CT_STATE_RESP_WAIT
VunL3QAAAQUBAAQAAA.....
Please provide the consent token via [_shell -v] command for bash shell-access

Regards,

Martin

PabMar · ‎07-17-2023

Martin, you need to get onto TAC for a token.

Check the admin guide.

Hope that helps.

Regards.

Cedric Metzger · ‎08-15-2023

Hey @Martin Grimm , i stumpled about the same issue. Were you able to solve it?

Martin Grimm · ‎08-21-2023

Hi Cedric, yes you need a TAC Case, for that.

KevinR99 · ‎11-09-2022

Thank you. That worked.