FTD radius authentication failed if CLI access filter includes "admin"

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-20-2024 04:33 PM
We have a new FMC (v 7.4.0) and copied all settings of External authentication Radius object from older FMC where it worked fine.
However Radius authentication to the new FTDs was failing and I found out that CLI access filter can't include "admin" anymore. FMC basically won't push config with the list of CLI users to FTD.
It was working fine on previous versions of FMC (and FTD) - CLI access filter could contain also admin account in the list of CLI users and Radius authentication to FTDs was OK. Also "show user" output listed correct external users but this is not the case now - as soon as admin is added to CLI access filter then "show user" output is not populated with new users.
Is this a new requirement to exclude admin from the CLI access filter or is it a bug?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-20-2024 11:22 PM
Not that i think of config, you mentioned it works before, that mean older version of 7.4 ?
admin account will not work when the TACACS as priority and failed to fall back local.
For testing on AAA change the key of FMC (so FMC fail to authenticate, then you can use admin account to login).
i would also check the release notes for bug :
