https://community.cisco.com/t5/network-access-control/asa-local-command-authorization-problem/m-p/1306535#M418975 <P>Hi,I have configured command authorization in my ASA with tacacs and also i have configured shell command authorization for different users in ACS4.2. when im using ACS for command authorization there is no problem ,but when i disconnect my connection to ACS from ASA, i stock in configuration even i have configured aaa authorization command TACACS LOCAL but when connection to ACS is lost i get very limited access to my asa(LOCAL is configured end of the above command) also i have configured user with Priv 15 so when i log in to my asa with this local user i have limited access even its Priv level is 15,so do i have to configure any thing else to give me full access in level 15 when there is no access to ACS and aaa authorization command &lt;server group&gt; LOCAL is configured?? thanks</P> Sun, 10 Mar 2019 23:43:40 GMT blackhat2020 2019-03-10T23:43:40Z https://community.cisco.com/t5/network-access-control/asa-local-command-authorization-problem/m-p/1306535#M418975 <P>Hi,I have configured command authorization in my ASA with tacacs and also i have configured shell command authorization for different users in ACS4.2. when im using ACS for command authorization there is no problem ,but when i disconnect my connection to ACS from ASA, i stock in configuration even i have configured aaa authorization command TACACS LOCAL but when connection to ACS is lost i get very limited access to my asa(LOCAL is configured end of the above command) also i have configured user with Priv 15 so when i log in to my asa with this local user i have limited access even its Priv level is 15,so do i have to configure any thing else to give me full access in level 15 when there is no access to ACS and aaa authorization command &lt;server group&gt; LOCAL is configured?? thanks</P> Sun, 10 Mar 2019 23:43:40 GMT https://community.cisco.com/t5/network-access-control/asa-local-command-authorization-problem/m-p/1306535#M418975 blackhat2020 2019-03-10T23:43:40Z https://community.cisco.com/t5/network-access-control/asa-local-command-authorization-problem/m-p/1306536#M418976 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>Please check this known bug,</P><P></P><P>CSCsj56051 Bug Details</P><P></P><P>AAA authorization commands LOCAL fallback broken</P><P></P><P>Symptom:</P><P>aaa authorization fallback to LOCAL fails, blocking some commands to be executed and displaying "Command authorization failed" error message even though local authorization should be granted.</P><P></P><P>Conditions:</P><P>TACACS+ server communication is lost, LOCAL is configured next in the list.</P><P></P><P>Workaround:</P><P>none.</P><P></P><P>Further Problem Description:</P><P>7.2.2 does not show this behavior.</P><P></P><P>8.0(3) does not show this behavior.</P><P></P><P>Regards,</P><P>~JG</P><P></P><P>Do rate helpful posts </P><P></P><P></P></BODY></HTML> Fri, 09 Oct 2009 12:42:48 GMT https://community.cisco.com/t5/network-access-control/asa-local-command-authorization-problem/m-p/1306536#M418976 Jagdeep Gambhir 2009-10-09T12:42:48Z https://community.cisco.com/t5/network-access-control/asa-local-command-authorization-problem/m-p/1306537#M418977 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Further to JG update; I also came across this defect and i did a lab recreate for LOCAL command authorization on 8.0.3 and confirmed the issue has fixed.</P><P></P><P>Now with your current config and code 8.0.x you can access or run any command with privilege 15 user. However for read only access with LOCAL authorization you need to update your config with lots of command.</P><P></P><P>HTH</P><P></P><P>JK</P><P></P><P>Plz rate helpful posts-</P></BODY></HTML> Fri, 09 Oct 2009 13:01:11 GMT https://community.cisco.com/t5/network-access-control/asa-local-command-authorization-problem/m-p/1306537#M418977 Jatin Katyal 2009-10-09T13:01:11Z https://community.cisco.com/t5/network-access-control/asa-local-command-authorization-problem/m-p/1306538#M418978 <HTML><HEAD></HEAD><BODY><P>Thank you guys very much,but what about FWSM 3.2 image?becuse now I'm going to config it on 3.2 os!</P></BODY></HTML> Fri, 09 Oct 2009 13:20:41 GMT https://community.cisco.com/t5/network-access-control/asa-local-command-authorization-problem/m-p/1306538#M418978 blackhat2020 2009-10-09T13:20:41Z https://community.cisco.com/t5/network-access-control/asa-local-command-authorization-problem/m-p/1306539#M418979 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P>&nbsp;&nbsp; I had the same problem and found out that the problem exists on 8.0.2</P><P>I had to downgrade to 7.2.1, remove aaa authorization command and reboot to 8.0.2 again to have normal rights.</P><P></P><P>Kind regards</P></BODY></HTML> Thu, 11 Nov 2010 08:26:47 GMT https://community.cisco.com/t5/network-access-control/asa-local-command-authorization-problem/m-p/1306539#M418979 Feidopiastis.n 2010-11-11T08:26:47Z