topic aaa authorization and unavailable TACACS server scenario in Network Access Control https://community.cisco.com/t5/network-access-control/aaa-authorization-and-unavailable-tacacs-server-scenario/m-p/174789#M437042 <P>I have setup a PIX to authentication users for telnet and enable access. I have setup authorization so a subset of users can only run show commands. This all works as expected.</P><P></P><P>The problem is when I simulate and network outage and try to get console access to the PIX. I cannot run the enable command because the command cannot be authorized. I would have to use password recovery means to gain access to the PIX. How do I get around this? Can I have the command authorization handled locally? Can I associated the show command with a lower priveledge level? If so, how and how do I limit user to that privledge level (via TACACS)? What do I forfeit by doing so?</P><P></P><P>Thanks</P><P></P> Sun, 10 Mar 2019 14:12:24 GMT dladen 2019-03-10T14:12:24Z aaa authorization and unavailable TACACS server scenario https://community.cisco.com/t5/network-access-control/aaa-authorization-and-unavailable-tacacs-server-scenario/m-p/174789#M437042 <P>I have setup a PIX to authentication users for telnet and enable access. I have setup authorization so a subset of users can only run show commands. This all works as expected.</P><P></P><P>The problem is when I simulate and network outage and try to get console access to the PIX. I cannot run the enable command because the command cannot be authorized. I would have to use password recovery means to gain access to the PIX. How do I get around this? Can I have the command authorization handled locally? Can I associated the show command with a lower priveledge level? If so, how and how do I limit user to that privledge level (via TACACS)? What do I forfeit by doing so?</P><P></P><P>Thanks</P><P></P> Sun, 10 Mar 2019 14:12:24 GMT https://community.cisco.com/t5/network-access-control/aaa-authorization-and-unavailable-tacacs-server-scenario/m-p/174789#M437042 dladen 2019-03-10T14:12:24Z Re: aaa authorization and unavailable TACACS server scenario https://community.cisco.com/t5/network-access-control/aaa-authorization-and-unavailable-tacacs-server-scenario/m-p/174790#M437043 <HTML><HEAD></HEAD><BODY><P>If the PIX is configured for TACACS authentiaction and TACACS server is not available to authenticate, there is no way to fallback or get around of this issue at this time.</P><P>You can configure the pix to fallback to local authentication if tacacs is not available.</P><P>Next release (i think 6.3 and above) will have a that feature available.</P></BODY></HTML> Tue, 18 Mar 2003 23:24:07 GMT https://community.cisco.com/t5/network-access-control/aaa-authorization-and-unavailable-tacacs-server-scenario/m-p/174790#M437043 tepatel 2003-03-18T23:24:07Z