11-05-2013 02:01 AM
Hi,
I have configured my ACE Mod 30 with Admin and some basic settings for Web filtering contexts. After putting the delta configurations for syncing...
Configuration mode is showing disabled @ standby ACE, which is correct and as expected.
But even on the active ACE, I got a log message that configuration mode is enabled for all contexts. But when I try to get into configure terminal mode... it is not letting me in.
OS: A4.23
lb-p01/Admin# ?
Exec commands:
  changeto    Changeto another context
  configure   Enter configuration mode
  dir         Directory listing for files
  exit        Exit from the EXEC
  invoke      Invoke commands in other contexts from admin context
  ping        Send echo messages
  show        Show running system information
  ssh         SSH to another system
  terminal    Set terminal line parameters
  traceroute  Trace route to destination
  xml-show    Display xmlized show command result in xml
lb-p01/Admin#
lb-p01/Admin# config?
% invalid command
I am totally new to ACE module implementation. Request your support or help in getting this fixed.
Regards
Karthikeyan N
11-05-2013 02:18 AM
Hi Karthikeyan,
Hope you have tried the command "conf t" in the Admin context. When you try this command, what is the error message displayed?
Thanks,
Rajesh.
11-05-2013 02:38 AM
Hi Rajesh,
On the active module it says:
lb-p01/Admin# conf t
^
% invalid command detected at '^' marker.
lb-p01/Admin# configure terminal
^
% invalid command detected at '^' marker.
lb-p01/Admin# ?
Exec commands:
  changeto    Changeto another context
  configure   Enter configuration mode
  dir         Directory listing for files
  exit        Exit from the EXEC
  invoke      Invoke commands in other contexts from admin context
  ping        Send echo messages
  show        Show running system information
  ssh         SSH to another system
  terminal    Set terminal line parameters
  traceroute  Trace route to destination
  xml-show    Display xmlized show command result in xml
lb-p01/Admin#
But on the standby unit, I am getting the expected response that the configuration option is disabled when I enter conf t.
Ideally it should take me into conf t mode when I enter conf t on the active ACE module, right?
Regards
Karthikeyan.N
11-05-2013 02:49 AM
Hi Karthikeyan,
Can you execute the show users command and check what the role is? If the role is network-monitor you cannot get into config mode. If you do not explicitly assign a role to a user with the username command, this is the default role.
Please check the following link to understand more about pre-defined roles:
Hope this helps.
Thanks,
Rajesh
11-05-2013 02:56 AM
Hi Rajesh,
I had tried removing the TACACS server configs just before you replied to me. But yes, you are correct. It doesn't allow me in as an admin user when I come via TACACS. Let me go through the document and update you further if I need more support from you on this issue.
Regards
Karthikeyan
11-05-2013 03:04 AM
Hi Rajesh,
Could you please help me in defining TACACS-based authentication for ACE modules with admin privilege? How do I do that? The document which you have shared creates that in the local database of the ACE.
Regards
Karthikeyan
11-05-2013 03:53 AM
Hi Karthikeyan,
Here's an example of TACACS configuration on ACE:
tacacs-server host 1.1.1.1 key XXXXXXXX
tacacs-server host 2.2.2.2 key XXXXXXXX
tacacs-server timeout 10
aaa group server tacacs+ MYTACACS
  server 1.1.1.1
  server 2.2.2.2
aaa authentication login default group MYTACACS local
aaa authentication login console group MYTACACS local
aaa accounting default group MYTACACS
Hope this helps.
Thanks,
Rajesh.
11-05-2013 05:04 AM
Hi Rajesh,
I have a similar configuration on my ACE LB. But when I log in with my TACACS ID, I get only Network-Monitor level access. Is there anything that needs to be done on the TACACS server? I believe in TACACS it is by default set to level 15 for my ID. Please advise me on the same.
tacacs-server key abcd1234wxyz
tacacs-server timeout 6
tacacs-server host 10.9.16.191
tacacs-server host 10.9.15.251
aaa group server tacacs+ TacServers
  server 10.9.16.191
  server 10.9.15.251
!
context Admin
  description ACE Administrative Context
aaa authentication login default group TacServers local
aaa authentication login console group TacServers local
aaa accounting default group TacServers local
aaa authentication login error-enable
!
11-05-2013 05:10 AM
Hi Karthikeyan,
I found this existing thread which explains what needs to be done on the TACACS server if it's an ACS:
https://supportforums.cisco.com/thread/2041390
Hope this helps.
Thanks,
Rajesh.
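Added example, not part of the thread: Python that audits TACACS+ user profiles for the behaviour discussed above, where a remote user with no ACE role assigned lands in Network-Monitor (as reported in the thread for an ID set to level 15). The attribute format `shell:<context>=<role> <domain...>` is assumed from Cisco's ACE documentation rather than taken from this thread; the user names, profile data and function names are constructed.

```python
import re

DEFAULT_ROLE = "Network-Monitor"  # role the thread reports when no role is assigned

# Assumed ACE attribute format (Cisco ACE documentation, not this thread):
#   shell:<context>=<role> <domain1> ... <domainN>
# '*' in place of '=' marks the attribute as optional.
ATTR_RE = re.compile(
    r"^shell:(?P<context>[^=*\s]+)[=*](?P<role>\S+)(?P<domains>(?:\s+\S+)*)\s*$"
)


def parse_ace_attr(av_pair):
    """Return (context, role, [domains]) for an ACE shell attribute, else None."""
    m = ATTR_RE.match(av_pair.strip())
    if not m:
        return None  # e.g. priv-lvl=15 carries no ACE context/role mapping
    return m["context"], m["role"], m["domains"].split()


def effective_role(av_pairs, context):
    """Role and domains a TACACS+ user would receive in the given ACE context."""
    for pair in av_pairs:
        parsed = parse_ace_attr(pair)
        if parsed and parsed[0] == context:
            return parsed[1], parsed[2]
    return DEFAULT_ROLE, []


def audit(profiles, context="Admin"):
    """Users who fall back to the default role in `context` (no config mode)."""
    return [
        user
        for user, av_pairs in sorted(profiles.items())
        if effective_role(av_pairs, context)[0] == DEFAULT_ROLE
    ]


# Constructed sample profiles: attributes a TACACS+ server might return per user.
PROFILES = {
    "alice": ["priv-lvl=15"],
    "bob": ["priv-lvl=15", "shell:Admin=Admin default-domain"],
    "carol": ["shell:WebFilter*Admin default-domain"],
}

if __name__ == "__main__":
    for ctx in ("Admin", "WebFilter"):
        print(ctx, "-> monitor-only users:", audit(PROFILES, ctx))
```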