cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

554
Views
0
Helpful
5
Replies
goodwin.jason
Beginner

Stright to enable mode after ACS patch

I upgraded my ACS to patch 5-3-0-40-8 last week, after the patch was applied I have been getting dropped into enable mode on my switches. (i.e switch>). I did not have to do this before, prior to patch i was taken to exec mode (i.e switch#). Any ideas or thought to get my back to this state. Thank you.                 

5 REPLIES 5
mauzamor
Beginner

Hi Jason,

As long as you have "aaa authorization exec...." configured in your IOS device (switch, router,etc.) and the ACS is configured to send a privilege level higher than 2, then you should be getting into privilege mode (#) right after the authentication.

Check those two things and let me know what you find.

The AAA authorization exec is there, and the privilage level is set at 15.  And it worked before the patch, and no changes have been made to the switch.

Jason,

I haven't seen any similar issue with this new patch, I have tested it in my lab and is working fine in my end, however you can uninstall the patch 8 with the following command from the CLI:

acs patch remove 5-3-0-40-8

This will probably restart the ACS services so during this time the server will be down and nobody will be able to authenticate so please be careful with this command and save a configuration backup just for security reasons right.

Tarik Admani
Advocate

Make sure that your policy is sending back priv15.


Sent from Cisco Technical Support Android App

Fixed it with 5.4 patch, now i am not able to log into the ASA firewall with my account. It is telling me access denied for login.

Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: pxGrid (39%)

Content for Community-Ad

ISE Webinars



Did you miss a previous ISE webinar?

CiscoISE YouTube Channel