Showing results for 
Search instead for 
Did you mean: 

Recently RMA'd unit ACS 5.3 with ACS 5.4 having problems with authorizations


                   Thanks for taking the time to look at this with me. I have a field tech that had to replace an ACS 5.3 box. The new one was 5.4, unfortuantely there were not config backups of the old device.

At this point just setting up a local list of users in the ACS and setting permissions to for the administrators to have access to the routers and switches.

My tech reports that he is experiencing a strange problem with permissions to the Cisco Nexus 7000 via thje ACS 5.4. When we  SSH in, we are authenticated via the ACS server but do not go into privilage exec we still need to type enable and then enter the enable password. We thought that before the username/pw would bring usimediately to privilage exec mode.

So we then enter the enable password, get the # prompt and do a "show run" we then get an unauthorized message.

This is odd because we can do a "config t" .

So it appears we are not at level 15 and assume this is part of the Authorization policy's but do not see where those levels are set. I have the checkbox if command not listed to permit access.

Am I missing something? Can someone please point me to where I should look for these settings?

1 Reply 1


Disregard my post. I discovered that Permit is not the same as FULL-ACCESS

Changed policy to full-access and now able to enter the show run command

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers