johnaceti
Beginner

Recently RMA'd unit ACS 5.3 with ACS 5.4 having problems with authorizations

Thanks for taking the time to look at this with me. I have a field tech that had to replace an ACS 5.3 box. The new one was 5.4; unfortunately, there were no config backups of the old device.

At this point just setting up a local list of users in the ACS and setting permissions for the administrators to have access to the routers and switches.

My tech reports that he is experiencing a strange problem with permissions to the Cisco Nexus 7000 via the ACS 5.4. When we SSH in, we are authenticated via the ACS server but do not go into privileged exec; we still need to type enable and then enter the enable password. We thought that before, the username/pw would bring us immediately to privileged exec mode.

So we then enter the enable password, get the # prompt and do a "show run"; we then get an unauthorized message.

This is odd because we can do a "config t".

So it appears we are not at level 15 and assume this is part of the Authorization policies, but do not see where those levels are set. I have the checkbox if command not listed to permit access.

Am I missing something? Can someone please point me to where I should look for these settings?

1 REPLY
johnaceti
Beginner

Disregard my post. I discovered that Permit is not the same as FULL-ACCESS.

Changed policy to full-access and now able to enter the show run command.
