cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

719
Views
0
Helpful
2
Replies
Beginner

Device admin not able to execute command a Cisco ASA CLI after TACACS authentication

Hi All,

I have setup a Cisco ASA with the device admin access to be authencticatedand authorizated with a Cisco ACS v 5.2. However, I am not able to exeute and command at the CLI even I have authenicated successfully. I have configure the Cisco ACS to permit all command and to set the shell prviliages to 15.

Please advice.

Thks and Rgds

2 REPLIES 2
Highlighted
Cisco Employee

Device admin not able to execute command a Cisco ASA CLI after T

Looks like you are getting "command authorization failed".

Did you check this option under policy element > device administration > command set > edit >

  "Permit any command that is not in the table below"

Do we have the same/correct command set selected under the access-policies > default device admin > authorization > edit rule > check what we have in command set selected option.

If it's not visible there, then on the same page you need to click on customise tab in the right bottom corner and move the command set option on the right set.

Hope this adds some direction.

Regards,

Jatin

Do rate helpful posts-

~Jatin Katyal
Highlighted
Cisco Employee

Device admin not able to execute command a Cisco ASA CLI after T

What is the authorization failure reason if there is any in the logs?