https://community.cisco.com/t5/network-access-control/backup-aaa-for-pix/m-p/180679#M436824 <HTML><HEAD></HEAD><BODY><P>There is no backup authorization method for the PIX. As you're aware, if the TACACS server is down you can login with "pix" and the enable password, but that doesn't help for authorization. The only thing you can do is wait for the TACACS server to come back up. Sorry.</P></BODY></HTML> Mon, 21 Apr 2003 23:43:29 GMT gfullage 2003-04-21T23:43:29Z https://community.cisco.com/t5/network-access-control/backup-aaa-for-pix/m-p/180678#M436823 <P>I have a PIX with the following configuration:</P><P>aaa-server TACACS+ protocol tacacs+</P><P>aaa-server TACACS+ (inside) host 192.168.1.1 77777 timeout 5</P><P>aaa-server RADIUS protocol radius</P><P>aaa-server RADIUS (inside) host 192.168.1.1 77777 timeout 10</P><P>aaa-server LOCAL protocol local</P><P>aaa authentication serial console TACACS+</P><P>aaa authentication enable console TACACS+</P><P>aaa authorization command TACACS+</P><P>aaa accounting match aaa_acl inside RADIUS</P><P>Everything works fine when the TACACS server is available. When it is not available, I can login with the username "PIX" and "password" just fine. The problem is, once I've logged in, I cannot get proper authorization to perform any commands. Does anyone know of a command similar to the "if-authenticated" for routers that I can use?</P> Sun, 10 Mar 2019 14:15:43 GMT https://community.cisco.com/t5/network-access-control/backup-aaa-for-pix/m-p/180678#M436823 collinss 2019-03-10T14:15:43Z https://community.cisco.com/t5/network-access-control/backup-aaa-for-pix/m-p/180679#M436824 <HTML><HEAD></HEAD><BODY><P>There is no backup authorization method for the PIX. As you're aware, if the TACACS server is down you can login with "pix" and the enable password, but that doesn't help for authorization. The only thing you can do is wait for the TACACS server to come back up. Sorry.</P></BODY></HTML> Mon, 21 Apr 2003 23:43:29 GMT https://community.cisco.com/t5/network-access-control/backup-aaa-for-pix/m-p/180679#M436824 gfullage 2003-04-21T23:43:29Z https://community.cisco.com/t5/network-access-control/backup-aaa-for-pix/m-p/180680#M436825 <HTML><HEAD></HEAD><BODY><P>That's what I was afraid of. Thanks for the help.</P></BODY></HTML> Tue, 22 Apr 2003 11:03:47 GMT https://community.cisco.com/t5/network-access-control/backup-aaa-for-pix/m-p/180680#M436825 collinss 2003-04-22T11:03:47Z https://community.cisco.com/t5/network-access-control/backup-aaa-for-pix/m-p/180681#M436826 <HTML><HEAD></HEAD><BODY><P>Hello guys,</P><P>i cann´t get tihs commad througth my PIX 535: Authorization and Accounting</P><P>------------------------------------------------------</P><P>TKFW101(config)# aaa authorization command acs1</P><P>service must be: "telnet", "ftp", "http", "tcp/0", "none", or "tcp/###"</P><P>Type help or '?' for a list of available commands.</P><P>TKFW101(config)# </P><P>----------------------</P><P>how dit you get it on your PIX ? i am running pix 0s 6.1(4)</P><P>thanks for any help</P><P>AE</P><P></P></BODY></HTML> Mon, 28 Apr 2003 14:15:45 GMT https://community.cisco.com/t5/network-access-control/backup-aaa-for-pix/m-p/180681#M436826 aessome 2003-04-28T14:15:45Z https://community.cisco.com/t5/network-access-control/backup-aaa-for-pix/m-p/180682#M436827 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>On version 6.1.4, you don't have the command authorization option. Thats why you are unable to enter it. It was first introduced in 6.2 code. Thanks,</P><P></P><P>Mynul</P></BODY></HTML> Thu, 15 May 2003 21:22:20 GMT https://community.cisco.com/t5/network-access-control/backup-aaa-for-pix/m-p/180682#M436827 mhoda 2003-05-15T21:22:20Z