cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

42
Views
0
Helpful
0
Replies
Beginner

Role-Based Access and Cisco Prime NetConfig

We are implementing Role-Based CLI Access across a number of routers and switches using RADIUS authentication and authorization.  When authentication occurs, the RADIUS server also returns the proper view name for the Role-Based authorization, so the user is put immediately into that view and has capabilities according to that view's configuration on the client device.  This all is working just fine.

But there is an issue with Cisco Prime LMS 4.2.4 NetConfig.  Cisco Prime has credentials on the RADIUS server that give it both privilege level 15 and view "root", which means that it is put immediately into view root when it logs into client devices.  When trying to run a NetConfig job, whether in config mode or enable mode, the job apparently always tries to enter enable mode, which is unnecessary, and fails with the error

  ERROR:CONFIG_CDL1031:Transport session to device failed Could not enter ENABLE Mode from USER Mode on Device. 

This has also been tried with Cisco Prime Infrastructure 3.1.1 and fails with the same type of error.

In both LMS and Infrastructure, the configuration job fails when trying to go to enable mode from user mode even though it is already in view root when it first logs in.  Why is it doing this unneeded step and how can this step be skipped?

Thanks for any help.

Dave

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards