Hi,
We have a 6509 VSS, it was previously running aaa, but it was removed, i'm trying to apply the aaa new model again but command authorisation is failing and i dont understand why.
When aaa new model is entered all the previous config comes back which is
aaa new-model
aaa authentication login default group tacacs+ line ( i alter line to local after the config appears by magic)
aaa authentication enable default group tacacs+ enable
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
No tacacs server is defined, i can telnet to the switch authenticate useing the local username and password and enter enable mode, but every commmand i try gives "command autorization failure". I have the same config about on numerous other switches that work ok.
Why doesnt aaa authorization commands 15 default group tacacs+ if-authenticated give me authorisation as i have authenticated locally and this works on 15 other switches
Do i need to enter other aaa commands?
I'm confused.
Thanks