cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

307
Views
0
Helpful
4
Replies
Highlighted
Beginner

Cannot sh run or ls

Hi,

Fairly new to ACS. Our 4.2 has been working fine until about 2 weeks ago. I have an account as part of the admin group, that group is set to lvl15 priv. When I telnet into any of our routers or linux servers, we can log in, but once we issue a sh run on routers or ls on ix boxes the session freezes. It appears to be anything related to listing etc. I can get into exec mode on our routers, those that are not part of any aaa, same problem, can't sh run

4 REPLIES 4
Highlighted
Cisco Employee

Re: Cannot sh run or ls

Hi,

As stated that when you execute "SH RUN" the session freezes. Does it shows the o/p after sometime or it gives any error message.

Also, do you have command authorization configured on router/ACS?

Please check the shared profile component >> shell command authorization set. Also check go to admin group and check the tacacs+ settings.

From one of your device in question, please send the output of the below listed command

"sh run | in aaa"

HTH

Regards,

JK

~Jatin Katyal
Highlighted
Beginner

Re: Cannot sh run or ls

Hi, JK,

I tried what you suggested, but no luck. The odd thing is the router I am telnet to is not AAA enabled,

Password:

golr_middelburg>en

Password:

golr_middelburg#sh run | in aaa

no aaa new-model

golr_middelburg#sh run

Building configuration...

and that is where is stays for a long time until it disconnects. I created a new account and put it in the default group, it did not make a difference. The new account also have lvl15 priv. However I can RDP fine to servers, it's just when you seem to pass output from telnet like ls or sh run...

Sincerely

Highlighted

Re: Cannot sh run or ls

Hi,

Do you have any policy map configured on the router, that can cause session to freeze.

Regards,

~JG

Highlighted
Beginner

Re: Cannot sh run or ls

Hi, no. The odd thing is i can RDP into a terminal server and when i telnet from the subnet the terminal server is on, it works perfectly. It's just when i telnet from the IP the ASA allocates when you connect with a VPN. It worked fine up until a week ago..