[c-nsp] PIX or ASA Privilege level access issue
Edward Iong
edward_iong_ at hotmail.com
Fri Nov 19 00:50:08 EST 2010
Dear All,
We have encouter an issue as we Assign Privilege Levels in PIX or ASA with Microsoft IAS server.
We plan to set RO and RW access for users to have different privilege levels to access Cisco devices.
We have tested that Switch and Router does not have the RO(router>)non-privilege level issue. But in ASA/PIX using user account which is in the RO group which has set "shell:priv-lvl=1 or 5" can access the privilege mode (prompt is router#)
itestmo is a RO group
>From PIX or ASA.
"
Username: ittestmo
Password: *******
Type help or '?' for a list of available commands.
MOOFFW01> EN
Password: *******
MOOFFW01#
"
>From Switch or router
"
User Access Verification
Username: ittestmo
Password:
MOOFSW01>EN
Password:
% Access denied
MOOFSW01>
"
Could anyone let me know how to use this issue?
Thanks and Regards,
Edward
More information about the cisco-nsp
mailing list