12-10-2012 04:59 AM - edited 03-10-2019 07:52 PM
I upgraded my ACS to patch 5-3-0-40-8 last week. After the patch was applied, I have been getting dropped into enable mode on my switches (i.e. switch>). I did not have to do this before; prior to the patch I was taken to exec mode (i.e. switch#). Any ideas or thoughts to get me back to this state? Thank you.
12-10-2012 06:28 AM
Hi Jason,
As long as you have "aaa authorization exec...." configured in your IOS device (switch, router, etc.) and the ACS is configured to send a privilege level higher than 2, then you should be getting into privilege mode (#) right after the authentication.
Check those two things and let me know what you find.
12-10-2012 08:10 AM
The AAA authorization exec is there, and the privilege level is set at 15. And it worked before the patch, and no changes have been made to the switch.
12-10-2012 09:38 AM
Jason,
I haven't seen any similar issue with this new patch. I have tested it in my lab and it is working fine on my end. However, you can uninstall patch 8 with the following command from the CLI:
acs patch remove 5-3-0-40-8
This will probably restart the ACS services, so during this time the server will be down and nobody will be able to authenticate. Please be careful with this command and save a configuration backup just for security reasons.
12-10-2012 06:05 PM
Make sure that your policy is sending back priv15.
12-14-2012 11:16 AM
Fixed it with 5.4 patch. Now I am not able to log into the ASA firewall with my account. It is telling me access denied for login.