Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1080
Views
0
Helpful
3
Replies

AAA Problem when WAN is offline

Go to solution
warwick.kane
Level 1
Level 1

‎12-20-2006 07:13 PM - edited ‎03-10-2019 02:53 PM

Hi All,

I have a problem at the moment logging into a router while the WAN is offline. TACACS+ works fine when the WAN is up but when its down i get prompted for a password which i enter and then get authorisation failed...

Here is the AAA config

aaa authentication login default group tacacs+ enable

aaa authorization config-commands

aaa authorization exec default group tacacs+

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to a.kiprawih

‎12-21-2006 07:39 AM

Specifying local as a backup method for authorization may get around this problem, but does it not require that local user IDs and passwords be configured? Since the authentication login did not use the local IDs as backup I wonder about the logic of doing this for authorization. I have had good success by configuring authorization like this:

aaa authorization exec default group tacacs+ if-authenticated

which will bypass authorization processing if TACACS is not available and if the user has successfully authenticated.

HTH

Rick

HTH

Rick

View solution in original post

0 Helpful
3 Replies 3

Go to solution
a.kiprawih
Level 7
Level 7

‎12-20-2006 07:31 PM

Try adding 'local' to the end of line:

aaa authorization exec default group tacacs+ local

The 'local' refers to the local database for authorization.

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to a.kiprawih

‎12-21-2006 07:39 AM

Specifying local as a backup method for authorization may get around this problem, but does it not require that local user IDs and passwords be configured? Since the authentication login did not use the local IDs as backup I wonder about the logic of doing this for authorization. I have had good success by configuring authorization like this:

aaa authorization exec default group tacacs+ if-authenticated

which will bypass authorization processing if TACACS is not available and if the user has successfully authenticated.

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
warwick.kane
Level 1
Level 1
In response to Richard Burts

‎12-21-2006 02:51 PM

Thanks for that Rick, Your logic is correct and it has fixed my problem. Much appreicated.

0 Helpful
Customers Also Viewed These Support Documents