This one even puzzled the senior engineers who tried to point me in the right direction, but alas… as usual in the Cisco world, the fix is usually something minor and simple, yet it can cause hours of frustration!
This one had me banging my head on the keyboard for a good chunk of hours. After going back and forth between the senior guys, still nada! So what are we looking at here? We have a Cisco ACE 4710 load balancer, and all this time everyone signed in locally. Why? We have an ACS server, so why not use that? Well, apparently no one could get AAA working with it, and local logins were fine.
The perfectionist in me knew there had to be a way.
After a bunch of Google searches, I found that many people had the same issue. No one really had a direct answer. I did find one document, though, that stood out.
Scroll down to the ACE section.
I double-checked the whole path: Policies, Access Policies, and I even tracked TACACS AAA in Monitoring and Reports. I was able to authenticate fine to the ACE via CLI, but for some reason I could never get to global config mode. The ACE just spat “invalid command” back at me, as if config mode never existed! I was only able to get to user mode.
I took a look at the policy that was being applied to my account. Everything was set to priv level 15.
One thing that the article didn’t mention was the context name must be EXACT. “Admin” is NOT the same as “admin”. Once I popped that in, AAA started working!
Hope that helps someone out there!