Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
863
Views
0
Helpful
3
Replies

Issue: ASA 5500X series firewall CLI with priviledge show cmd not displaying command options

John.Syd.Aus
Level 1
Level 1

‎08-15-2014 07:25 PM - last edited on ‎03-25-2019 05:53 PM by Community Manager

I'm hoping someone can help. On two 5525X ASA's one is running 9.1(1) and the other 9.1(4). I'm a read only user with privilege level set to 5.

What I notice is the following when I SSH to ASA's via management interface:


asa1 runs 9.1(4) and when I type '?' it returns the ERROR message and does't present options. To execute this command successfully I need to memorise the specific line of config.

asa1# packet-tracer input ?
ERROR: % Unrecognized command

 


asa2 runs 9.1(1) and presents options after typing '?'. This is desirable behavior and what I want to see with asa1.
asa2# packet-tracer input ?

Current available interface:
  management   Name of interface Management0/0

..

..


both have the following configured:

privilege cmd level 5 mode exec command packet-tracer

aaa authentication enable console LOCAL 
aaa authentication ssh console LOCAL 
aaa authentication serial console LOCAL 
aaa authentication http console LOCAL 
aaa authorization command LOCAL 

 

The problem described with asa1 affects other commands too. Not sure what command is missing or if this is a bug.

Any help much appreciated.

 

Labels:
0 Helpful
3 Replies 3

Rahul Kumar Mishra
Level 1
Level 1

‎08-18-2014 07:42 AM

check privilege configuration.

0 Helpful

Cisco-Learner1
Level 1
Level 1

‎08-18-2014 01:02 PM

Are both devices in failover pair?

Can you provide the output of following command from both devices

show running-config all privilege all

show run aaa

The following link will give you more information about this configuration

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/admin_management.html#pgfId-1145888

0 Helpful

John.Syd.Aus
Level 1
Level 1

‎08-06-2015 04:56 PM

i have raised this with the  TAC and it was identified as a bug

 

Product:
Cisco ASA 5500-X Series Next-Generation Firewalls
 
Known Affected Releases:
(5)
9.1(2)
9.1(4)
9.1(5)
9.1(5.10)
9.2(1)
Status:
Fixed
 
Defect #: CSCuq44875 'ASA: CLI commands are not displaying options for local authorization'
Defect details : https://tools.cisco.com/bugsearch/bug/CSCuq44875/
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card