12-06-2016 02:57 AM
Team, good day !
Regarding: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy46322/?referring_site=bugquickviewredir
And situation when any user from AD can access VTY with default DenyAllCommands authorization policy & many such logins could potentially deny Administration access through VTY.
In bug notice, known fixed release is ISE 2.1(0.474).
We have all patches installed on ISE:
Cisco Identity Services Engine
---------------------------------------------
Version : 2.1.0.474
Build Date : Wed May 25 07:34:43 2016
Install Date : Mon Sep 19 21:08:02 2016
Cisco Identity Services Engine Patch
---------------------------------------------
Version : 1
Install Date : Mon Sep 19 23:50:15 2016
Cisco Identity Services Engine Patch
---------------------------------------------
Version : 2
Install Date : Mon Nov 28 11:52:19 2016
And provided few tests regarding Authentication.
Team, any workarounds/solutions not to allow Authenticated, but not Authorized users not to allow access to VTY ? Or restrict Authentication to specific AD groups/OU’s ?
Thank you !
Solved! Go to Solution.
12-06-2016 09:32 AM
If seen only with NX-OS, it's likely due to known issues with NX-OS devices. I documented the workaround in the lab guide for T+ in Sales Connect.
Otherwise, you are likely hitting a newer bug -- CSCvc15000.
12-06-2016 09:32 AM
If seen only with NX-OS, it's likely due to known issues with NX-OS devices. I documented the workaround in the lab guide for T+ in Sales Connect.
Otherwise, you are likely hitting a newer bug -- CSCvc15000.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide