Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
907
Views
0
Helpful
1
Replies

6509 VSS authorization failure

chris
Level 1
Level 1

‎02-15-2010 02:50 PM - edited ‎03-10-2019 04:57 PM

Hi,

We have a 6509 VSS, it was previously running aaa, but it was removed, i'm trying to apply the aaa new model again but command authorisation is failing and i dont understand why.

When aaa new model is entered all the previous config comes back which is

aaa new-model

aaa authentication login default group tacacs+ line ( i alter line to local after the config appears by magic)

aaa authentication enable default group tacacs+ enable

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

No tacacs server is defined, i can telnet to the switch authenticate useing the local username and password and enter enable mode, but every commmand i try gives "command autorization failure". I have the same config about on numerous other switches that work ok.

Why doesnt aaa authorization commands 15 default group tacacs+ if-authenticated give me authorisation as i have authenticated locally and this works on 15 other switches

Do i need to enter other aaa commands?

I'm confused.

Thanks

Labels:
0 Helpful
1 Reply 1
Customers Also Viewed These Support Documents