FTD radius authentication failed if CLI access filter includes "admin"

newmanko1
Level 1

We have a new FMC (v 7.4.0) and copied all settings of the External Authentication RADIUS object from the older FMC, where it worked fine.

However, RADIUS authentication to the new FTDs was failing, and I found out that the CLI access filter can't include "admin" anymore. FMC basically won't push the config with the list of CLI users to FTD.

It was working fine on previous versions of FMC (and FTD): the CLI access filter could also contain the admin account in the list of CLI users, and RADIUS authentication to FTDs was OK. Also, the "show user" output listed the correct external users, but this is not the case now. As soon as admin is added to the CLI access filter, the "show user" output is not populated with new users.

Is this a new requirement to exclude admin from the CLI access filter or is it a bug?

1 Reply

balaji.bandi
Hall of Fame

Not that I can think of in the config. You mentioned it worked before; does that mean an older version of 7.4?

The admin account will not work when TACACS has priority and fails to fall back to local.

For testing on AAA, change the key of FMC (so FMC fails to authenticate, then you can use the admin account to log in).

I would also check the release notes for bugs:

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/release-notes/threat-defense/740/threat-defense-release-notes-74.html

 

BB
