We are implementing Role-Based CLI Access across a number of routers and switches using RADIUS authentication and authorization. When authentication occurs, the RADIUS server also returns the proper view name for the Role-Based authorization, so the user is put immediately into that view and has capabilities according to that view's configuration on the client device. This all is working just fine.
But there is an issue with Cisco Prime LMS 4.2.4 NetConfig. Cisco Prime has credentials on the RADIUS server that give it both privilege level 15 and view "root", which means that it is put immediately into view root when it logs into client devices. When trying to run a NetConfig job, whether in config mode or enable mode, the job apparently always tries to enter enable mode, which is unnecessary, and fails with the error
ERROR:CONFIG_CDL1031:Transport session to device failed Could not enter ENABLE Mode from USER Mode on Device.
This has also been tried with Cisco Prime Infrastructure 3.1.1 and fails with the same type of error.
In both LMS and Infrastructure, the configuration job fails when trying to go to enable mode from user mode even though it is already in view root when it first logs in. Why is it doing this unneeded step and how can this step be skipped?
Today I'm going to talk about SD-wan including SD-WAN advanced lab ,, first thing let's take a small brief about the SD_WAN. What is SD-WAN? SD-WAN is Software define wide area network and SD-WAN is key part of the technology o...
Leopold Fisher, Cisco Meraki IoT specialist, will introduce you to new and innovative additions to the Meraki portfolio coming in April 2021.
Meraki Vision Session
MV smart camera range is getting big...
To participate in this event, please use the button to ask your questions
Dynamic Routing Protocols & IPv6
Have any questions on dynamic routing protocols with IPv6?
In this event we will answer all your questions related to dynamic routing pro...
Today I'm going to talk about SD-wan including SD-WAN advanced , first thing let's take a small brief about the SD_WAN.What is SD-WAN? SD-WAN is Software define wide area network and SD-WAN is key part of the technology of software-definednetworking ...
The cat's out of the bag! In October 2020, Cisco announced the Next Generation of Enterprising Routing Platforms: the Catalyst 8000 Edge Platforms Family including the Catalyst 8200, Catalyst 8300, Catalyst 8500, and Catalyst 8000V. The new family of Cats...