08-31-2022 08:20 AM
Good day,
I'm having an issue when I use the enable command having an ISE as AAA. If I enable the external auth for the enable I receive the following log:
13029 Requested privilege level too high
I'm configuring the aaa authentication enable like this
aaa authentication enable default group ISE
If I leave it with none or enable (local) I can connect without any issues and see all the logs in the ISE as I should, but I can't seem to find why I receive that issue when using the ISE for the enable authentication. The command set has full access, it has the "Permit any command that is not listed below" option activated and no command added, the profile has default and maximum privilege 15, and still I receive the same log.
I'm using ISE 2.7 and a CISCO7613 for the testing.
08-31-2022 09:08 AM
Follow the thread below:
08-31-2022 10:04 AM
Good day Balaji,
I read that thread before writing this one and it doesn't apply to my scenario because I don't have different privileges, the user only has default and maximum privilege 15. I don't know why it doesn't accept the enable authentication.
09-01-2022 09:49 AM
Can you post the full AAA config and also the VTY line config?
09-05-2022 08:49 AM
Good day,
Dear Balandi, here's the information requested
aaa authentication login default local
aaa authentication login consola local enable
aaa authentication login acsmpls group ISE local enable
aaa authentication enable default none -> This is none at this point because I used the configuration stated in my first post, it didn't work, and I changed it to none while I solve the issue
aaa authorization exec default local
aaa authorization exec consola local
aaa authorization exec acsmpls group ISE local
aaa authorization commands 15 default local
aaa authorization commands 15 acsmpls group ISE local
aaa authorization network acsmpls group ISE local
aaa accounting exec acsmpls
 action-type start-stop
 group tacacs+
!
aaa accounting commands 15 acsmpls
 action-type stop-only
 group tacacs+
!
aaa accounting network acsmpls
 action-type start-stop
 group tacacs+
line vty 0 15
 exec-timeout 5 0
 password 7
 authorization commands 15 acsmpls
 authorization exec acsmpls
 accounting commands 15 acsmpls
 accounting exec acsmpls
 transport input ssh