We are implementing Role-Based CLI Access across a number of routers and switches using RADIUS authentication and authorization. When authentication occurs, the RADIUS server also returns the proper view name for the Role-Based authorization, so the user is put immediately into that view and has capabilities according to that view's configuration on the client device. This all is working just fine.
But there is an issue with Cisco Prime LMS 4.2.4 NetConfig. Cisco Prime has credentials on the RADIUS server that give it both privilege level 15 and view "root", which means that it is put immediately into view root when it logs into client devices. When trying to run a NetConfig job, whether in config mode or enable mode, the job apparently always tries to enter enable mode, which is unnecessary, and fails with the error:
ERROR:CONFIG_CDL1031:Transport session to device failed Could not enter ENABLE Mode from USER Mode on Device.
This has also been tried with Cisco Prime Infrastructure 3.1.1 and fails with the same type of error.
In both LMS and Infrastructure, the configuration job fails when trying to go to enable mode from user mode even though it is already in view root when it first logs in. Why is it doing this unneeded step and how can this step be skipped?