cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
686
Views
0
Helpful
3
Replies

Issue: ASA 5500X series firewall CLI with priviledge show cmd not displaying command options

John.Syd.Aus
Level 1
Level 1

I'm hoping someone can help. On two 5525X ASA's one is running 9.1(1) and the other 9.1(4). I'm a read only user with privilege level set to 5.

What I notice is the following when I SSH to ASA's via management interface:


asa1 runs 9.1(4) and when I type '?' it returns the ERROR message and does't present options. To execute this command successfully I need to memorise the specific line of config.

asa1# packet-tracer input ?
ERROR: % Unrecognized command

 


asa2 runs 9.1(1) and presents options after typing '?'. This is desirable behavior and what I want to see with asa1.
asa2# packet-tracer input ?

Current available interface:
  management   Name of interface Management0/0

..

..


both have the following configured:

privilege cmd level 5 mode exec command packet-tracer

aaa authentication enable console LOCAL 
aaa authentication ssh console LOCAL 
aaa authentication serial console LOCAL 
aaa authentication http console LOCAL 
aaa authorization command LOCAL 

 

The problem described with asa1 affects other commands too. Not sure what command is missing or if this is a bug.

Any help much appreciated.

 

3 Replies 3

check privilege configuration.

Cisco-Learner1
Level 1
Level 1

Are both devices in failover pair?

Can you provide the output of following command from both devices

show running-config all privilege all

show run aaa

The following link will give you more information about this configuration

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/admin_management.html#pgfId-1145888

John.Syd.Aus
Level 1
Level 1

i have raised this with the  TAC and it was identified as a bug

 

Product:
Cisco ASA 5500-X Series Next-Generation Firewalls
 
Known Affected Releases:
(5)
9.1(2)
9.1(4)
9.1(5)
9.1(5.10)
9.2(1)
Status:
Fixed
 
Defect #: CSCuq44875 'ASA: CLI commands are not displaying options for local authorization'
Defect details : https://tools.cisco.com/bugsearch/bug/CSCuq44875/
Review Cisco Networking for a $25 gift card