
Issue with enable command using ISE

GabsC2
Level 1

Good day,

    I'm having an issue when I use the enable command with an ISE as AAA. If I enable external auth for enable, I receive the following log:

13029 Requested privilege level too high

     I'm configuring the aaa authentication enable like this:

aaa authentication enable default group ISE

     If I leave it with none or enable (local) I can connect without any issues and see all the logs in the ISE as I should, but I can't seem to find why I receive that issue when using the ISE for the enable authentication. The command set has full access: it has "Permit any command that is not listed below" activated and no command added, the profile has default and maximum privilege 15, and still I receive the same log.

      I'm using ISE 2.7 and a CISCO7613 for the testing.

 

 

4 Replies 4

Good day Balaji,

     I read that thread before writing this one and it doesn't apply to my scenario because I don't have different privileges, the user only has default and maximum privilege 15. I don't know why it doesn't accept the enable authentication.

 

can you post full AAA config also VTY line config

BB


Good day,

     Dear Balandi, here's the information requested

aaa authentication login default local
aaa authentication login consola local enable
aaa authentication login acsmpls group ISE local enable
aaa authentication enable default none -> This is none at this point because I used the configuration stated in my first post, it didn't work, and I changed it to none until I can solve the issue
aaa authorization exec default local
aaa authorization exec consola local
aaa authorization exec acsmpls group ISE local
aaa authorization commands 15 default local
aaa authorization commands 15 acsmpls group ISE local
aaa authorization network acsmpls group ISE local
aaa accounting exec acsmpls
 action-type start-stop
 group tacacs+
!
aaa accounting commands 15 acsmpls
 action-type stop-only
 group tacacs+
!
aaa accounting network acsmpls
 action-type start-stop
 group tacacs+

line vty 0 15
 exec-timeout 5 0
 password 7
 authorization commands 15 acsmpls
 authorization exec acsmpls
 accounting commands 15 acsmpls
 accounting exec acsmpls
 transport input ssh
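
An added example, not part of the thread: a small Python audit that resolves which AAA method list each service uses on the vty lines (a line with no explicit binding falls back to the `default` list) and flags an enable list that either starts with `none` or relies on a single server group. The sample config is constructed from the lines posted above, trimmed and re-indented; the function names are hypothetical.

```python
import re

# Constructed sample: AAA and vty lines from the post, trimmed and re-indented.
CONFIG = """\
aaa authentication login default local
aaa authentication login acsmpls group ISE local enable
aaa authentication enable default none
aaa authorization exec default local
aaa authorization exec acsmpls group ISE local
aaa authorization commands 15 acsmpls group ISE local
line vty 0 15
 authorization commands 15 acsmpls
 authorization exec acsmpls
"""
AAA_RE = re.compile(r"aaa (authentication|authorization) (login|enable|exec|commands \d+) (\S+) (.+)")
VTY_RE = re.compile(r"(?:login (authentication)|(authorization) (exec|commands \d+)) (\S+)")
SERVICES = [("authentication", "login"), ("authentication", "enable"),
            ("authorization", "exec"), ("authorization", "commands 15")]

def parse(config):
    """Return (method lists, list names bound explicitly under 'line vty')."""
    lists, bound, in_vty = {}, {}, False
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("line "):
            in_vty = raw.startswith("line vty")
        elif (m := AAA_RE.fullmatch(line)):
            kind, service, name, rest = m.groups()
            lists[(kind, service, name)] = re.findall(r"group \S+|\S+", rest)  # keep "group ISE" whole
        elif in_vty and (m := VTY_RE.fullmatch(line)):
            auth, authz, service, name = m.groups()
            bound[(auth or authz, service or "login")] = name
    return lists, bound

def effective(config):
    """Map each service to (list name, methods) as used on the vty; unbound means 'default'."""
    lists, bound = parse(config)
    names = {s: bound.get(s, "default") for s in SERVICES}
    return {s: (n, lists.get((*s, n), [])) for s, n in names.items()}

def audit(config):
    """Flag an enable list that skips authentication or has no fallback method."""
    _, methods = effective(config)[("authentication", "enable")]
    findings = []
    if methods[:1] == ["none"]:
        findings.append("enable: first method is 'none', no enable authentication")
    if len(methods) == 1 and methods[0].startswith("group "):
        findings.append("enable: only %s, no fallback if the server is unreachable" % methods[0])
    return findings
```

On the sample, `effective(CONFIG)` shows vty login resolving to the `default` list (`local`) while exec and command authorization resolve to `acsmpls`; `audit` reports the `none` enable list, and reports the missing fallback if the line from the first post (`group ISE` alone) is substituted.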