09-26-2017 12:35 AM - edited 03-01-2019 03:08 PM
Good day,
I hope someone can assist.
I have denied the command: "route-policy" with arguments "default_policy_pass_all" on our Cisco ACS.
When someone tries to create/edit this policy they enter "route-policy default_policy_pass_all".
They then type "end-policy" and they receive "Command authorization failed" as expected and the command is not allowed.
However, when they create/edit this policy, enter "route-policy default_policy_pass_all" and hit CTRL + C on the keyboard, they are able to commit, thus editing the policy and breaking services.
It seems like this is an XR software issue because the ASR never asks the ACS for authorization for entering the command "route-policy default_policy_pass_all".
Has anyone seen this before, or does anyone have a better way of blocking commands?
RP/0/RSP1/CPU0:router1#conf t
Fri Sep 22 12:48:28.403 SAST
RP/0/RSP1/CPU0:router1(config)#route-policy default_policy_pass_all
Fri Sep 22 12:48:29.919 SAST
% WARNING: Policy object route-policy default_policy_pass_all' exists! Reconfiguring it via CLI will replace current definition. Use 'abort to cancel.
RP/0/RSP1/CPU0:router1(config-rpl)#end-policy
Command authorization failed
% Incomplete command.
RP/0/RSP1/CPU0:router1(config-rpl)#
RP/0/RSP1/CPU0:router1#conf t
Fri Sep 22 12:48:36.252 SAST
RP/0/RSP1/CPU0:router1(config)#route-policy default_policy_pass_all
Fri Sep 22 12:48:37.877 SAST
% WARNING: Policy object route-policy default_policy_pass_all' exists! Reconfiguring it via CLI will replace current definition. Use 'abort to cancel.
RP/0/RSP1/CPU0:router1(config-rpl)#
RP/0/RSP1/CPU0:router1(config)#sh configuration
Fri Sep 22 12:48:42.677 SAST
Building configuration...
!! IOS XR Configuration 5.3.3
!
route-policy default_policy_pass_all
end-policy
!
end
RP/0/RSP1/CPU0:router1(config)#
Kind Regards,
Hendrik
11-23-2017 02:49 AM
Good day,
In case anyone else has seen this issue:
So Cisco TAC confirmed that this issue is fixed in XR 6.1.4.
https://cdetsng.cisco.com/webui/#view=CSCvb91497
Kind Regards,
Hendrik
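Added example (not part of the thread and not Cisco code): a detective check for releases without the fix, which scans captured `sh configuration` output in the format shown in the first post and reports any protected route-policy that is staged for commit, including the empty definition left by the CTRL + C path. The `PROTECTED` set, the function name and the second policy in the sample are assumptions made for illustration.

```python
import re

# Constructed sample: the `sh configuration` output from the post above,
# plus one unrelated policy to show that only protected names are reported.
SAMPLE = """\
RP/0/RSP1/CPU0:router1(config)#sh configuration
Fri Sep 22 12:48:42.677 SAST
Building configuration...
!! IOS XR Configuration 5.3.3
!
route-policy default_policy_pass_all
end-policy
!
route-policy lab_test_policy
  pass
end-policy
!
end
"""

# Assumption: the policy names the AAA server is meant to protect.
PROTECTED = {"default_policy_pass_all"}

# Name ends at whitespace or "(" so parameterized policies are matched too.
POLICY_START = re.compile(r"^route-policy\s+([^\s(]+)")

def find_protected_policy_changes(text, protected=PROTECTED):
    """Return [(name, body_lines)] for protected route-policies in the output."""
    findings, name, body = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        if name is None:
            m = POLICY_START.match(line)
            if m:
                name, body = m.group(1), []
        elif line == "end-policy":
            if name in protected:
                findings.append((name, body))
            name = None
        else:
            body.append(line)
    if name is not None and name in protected:
        # Capture was cut off before end-policy: still report the block.
        findings.append((name, body))
    return findings

if __name__ == "__main__":
    for name, body in find_protected_policy_changes(SAMPLE):
        state = "EMPTY definition" if not body else f"{len(body)} statement(s)"
        print(f"ALERT: protected route-policy {name} staged for commit ({state})")
```
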