Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3000
Views
5
Helpful
5
Replies

No Access to CLI in Cisco Prime Infrastructure

danieltom
Level 1
Level 1

‎06-18-2020 01:15 AM

Hello everybody,

 

I have a question regarding Cisco Prime Infrastructure. After about 2 days after setting up Prime in version 4.8 from scratch, I was not able to connect to the CLI anymore. I was using the "root"-user and I am 100% sure that I am using the correct and I tried every single possible typo, too. 

 

I am using an ISE-Server with TACACS+ for AAA and the fallback is set to "Only on no server response". For the Web interface, that works totally fine.

 

I tried to give my redular AD account the "root", "Cli Network Admin" and/or "Cli Security Admin" permissions via TACACS+ attributes to authenticate in the CLI with it, but this doesn't work as well. Setting up a local account with the same permissions does not work as well. In ISE, I can't see any of the AAA-attempts in the TACACS Live Logs. The audit trail of the local user in Prime always shows, that I used a wrong password ("Failed password for root from...".). But as I already mentioned, I am 100% that I I use the correct one and it was working at some point. I also tried rebooting it.

 

Did anyone of you had a similar issue and found out how to solve it? Resetting the password would be my last idea, but at the moment, it does not look like that the worng passsword is the actual problem. 

 

As this is my first post here, please don't mind if i selected the wrong location of the topic or something like this.

 

Kind regards,

 

Daniel

Labels:
0 Helpful
5 Replies 5

marce1000
VIP
VIP

‎06-18-2020 03:14 AM

 

 - Do you still have a local-CLI account on Prime (too), which would be advisable in all circumstances ?
 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

danieltom
Level 1
Level 1
In response to marce1000

‎06-18-2020 03:26 AM

unfortunately not, the second account I've created doen'st work either, as I can reset the password in the GUI I am 100% sure that I use the correct password. I used the predefined user roles "CLI Network Admin" and "CLI Security Admin". The error in the audit trail is a bit bit different actually: "Failed password for invalid user..."

 

Kind regards,

 

Daniel

0 Helpful

marce1000
VIP
VIP
In response to danieltom

‎06-18-2020 03:45 AM

 

 - There's not much you can do, except indeed look at the failure logs for the particular authentication in ISE, it would be strongly advisable in future installations of Prime to always have a local-CLI account on Prime too, meaning that in this case, you can re-install Prime  (make the local-cli account too) and restore from backup , for instance.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

Tobias Heisele
Level 1
Level 1

‎01-11-2022 12:04 AM

What is the purpose of "CLI Network Admin" and "CLI Security Admin" user groups? I could not find any documentation regarding this. Can anyone help?

Georg Pauwen
VIP
VIP
In response to Tobias Heisele

‎01-11-2022 12:45 AM

Hello,

 

I guess what you are looking for is a comprehensive list of default privileges for these two user groups. I have done a quite extensive search and came up empty myself as well. Odd that this does not seem to be documented somewhere...

0 Helpful
Customers Also Viewed These Support Documents