Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
768
Views
0
Helpful
5
Replies

Stright to enable mode after ACS patch

goodwin.jason
Level 1
Level 1

‎12-10-2012 04:59 AM - edited ‎03-10-2019 07:52 PM

I upgraded my ACS to patch 5-3-0-40-8 last week, after the patch was applied I have been getting dropped into enable mode on my switches. (i.e switch>). I did not have to do this before, prior to patch i was taken to exec mode (i.e switch#). Any ideas or thought to get my back to this state. Thank you.                 

Labels:
0 Helpful
5 Replies 5

mauzamor
Level 1
Level 1

‎12-10-2012 06:28 AM

Hi Jason,

As long as you have "aaa authorization exec...." configured in your IOS device (switch, router,etc.) and the ACS is configured to send a privilege level higher than 2, then you should be getting into privilege mode (#) right after the authentication.

Check those two things and let me know what you find.

0 Helpful

goodwin.jason
Level 1
Level 1
In response to mauzamor

‎12-10-2012 08:10 AM

The AAA authorization exec is there, and the privilage level is set at 15.  And it worked before the patch, and no changes have been made to the switch.

0 Helpful

mauzamor
Level 1
Level 1
In response to goodwin.jason

‎12-10-2012 09:38 AM

Jason,

I haven't seen any similar issue with this new patch, I have tested it in my lab and is working fine in my end, however you can uninstall the patch 8 with the following command from the CLI:

acs patch remove 5-3-0-40-8

This will probably restart the ACS services so during this time the server will be down and nobody will be able to authenticate so please be careful with this command and save a configuration backup just for security reasons right.

0 Helpful

Tarik Admani
VIP Alumni
VIP Alumni

‎12-10-2012 06:05 PM

Make sure that your policy is sending back priv15.


Sent from Cisco Technical Support Android App

0 Helpful

goodwin.jason
Level 1
Level 1
In response to Tarik Admani

‎12-14-2012 11:16 AM

Fixed it with 5.4 patch, now i am not able to log into the ASA firewall with my account. It is telling me access denied for login.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents