Solved: aaa authorization

elite2010 · ‎11-19-2019

Hi,

aaa authorization config-commands

aaa authorization exec default group tacacs+ local

aaa authorization commands 0 default group tacacs+ local

aaa authorization commands 10 default group tacacs+ local

aaa authorization commands 15 default group tacacs+ local

Am I missing any commands from the above. What if tacacs (ise failed ), All the commands will be authorized ? .

I want users will be able to login and enter commands in case tacacs failed ?

Thanks

Anurag Sharma · ‎11-20-2019

Assuming you already have the aaa authentication commands in place, I have a small suggestion:

aaa authorization commands 10 default group tacacs+ local

Change it to:

aaa authorization commands 1 default group tacacs+ local

Once you configure (one or more) privilege level 15 user, locally on the switch, it will work fine in case of TACACS server going unresponsive.

Hope that helps!
Please 'RATE' and 'MARK ACCEPTED', if applicable.

Anurag Sharma · ‎11-20-2019

Assuming you already have the aaa authentication commands in place, I have a small suggestion:

aaa authorization commands 10 default group tacacs+ local

Change it to:

aaa authorization commands 1 default group tacacs+ local

Once you configure (one or more) privilege level 15 user, locally on the switch, it will work fine in case of TACACS server going unresponsive.

Hope that helps!
Please 'RATE' and 'MARK ACCEPTED', if applicable.