cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
666
Views
0
Helpful
3
Replies
Highlighted
Beginner

No Access to CLI in Cisco Prime Infrastructure

Hello everybody,

 

I have a question regarding Cisco Prime Infrastructure. After about 2 days after setting up Prime in version 4.8 from scratch, I was not able to connect to the CLI anymore. I was using the "root"-user and I am 100% sure that I am using the correct and I tried every single possible typo, too. 

 

I am using an ISE-Server with TACACS+ for AAA and the fallback is set to "Only on no server response". For the Web interface, that works totally fine.

 

I tried to give my redular AD account the "root", "Cli Network Admin" and/or "Cli Security Admin" permissions via TACACS+ attributes to authenticate in the CLI with it, but this doesn't work as well. Setting up a local account with the same permissions does not work as well. In ISE, I can't see any of the AAA-attempts in the TACACS Live Logs. The audit trail of the local user in Prime always shows, that I used a wrong password ("Failed password for root from...".). But as I already mentioned, I am 100% that I I use the correct one and it was working at some point. I also tried rebooting it.

 

Did anyone of you had a similar issue and found out how to solve it? Resetting the password would be my last idea, but at the moment, it does not look like that the worng passsword is the actual problem. 

 

As this is my first post here, please don't mind if i selected the wrong location of the topic or something like this.

 

Kind regards,

 

Daniel

3 REPLIES 3
Highlighted
VIP Advocate

 

 - Do you still have a local-CLI account on Prime (too), which would be advisable in all circumstances ?
 M.

Highlighted

unfortunately not, the second account I've created doen'st work either, as I can reset the password in the GUI I am 100% sure that I use the correct password. I used the predefined user roles "CLI Network Admin" and "CLI Security Admin". The error in the audit trail is a bit bit different actually: "Failed password for invalid user..."

 

Kind regards,

 

Daniel

Highlighted

 

 - There's not much you can do, except indeed look at the failure logs for the particular authentication in ISE, it would be strongly advisable in future installations of Prime to always have a local-CLI account on Prime too, meaning that in this case, you can re-install Prime  (make the local-cli account too) and restore from backup , for instance.

 M.

Content for Community-Ad