Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
869
Views
0
Helpful
3
Replies

AAA problem with Nexus

Go to solution
tiwang
Level 3
Level 3

‎12-29-2010 02:36 AM - edited ‎03-10-2019 05:40 PM

Hi out there

I am trying to get the config right on our nexus switches to use our local ACS server for authentication and command authorization. I of course want to make yuse of a local user-database if the connection to the central ACS server fails. But I cannot get the syntax correctly - can some please see what I am doing wrong here - se here - I have defined this on my nexus 5020:

I have defined a tacacs+ group named TACSRV

aaa group server tacacs+ TACSRV

aaa authentication login default group TACSRV

aaa authentication login console local

aaa authorization commands default group TACSRV

aaa authentication login error-enable

how should it look to first ask the servers in TACSRV and if not succesfully the local database?

best regards /ti

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Dan-Ciprian Cicioiu
Level 7
Level 7

‎12-29-2010 03:46 AM

Hello ,

You should add at the end of each authentication and authorization set "local"

Like this :

aaa authentication login default group TACSRV local
aaa authorization config-commands default group TACSRV local
aaa authorization commands default group TACSRV local

Dan

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Dan-Ciprian Cicioiu
Level 7
Level 7

‎12-29-2010 03:46 AM

Hello ,

You should add at the end of each authentication and authorization set "local"

Like this :

aaa authentication login default group TACSRV local
aaa authorization config-commands default group TACSRV local
aaa authorization commands default group TACSRV local

Dan

0 Helpful

Go to solution
tiwang
Level 3
Level 3

‎12-29-2010 03:47 AM

hi out there

ok - too stupid - it is of course just the cli which doesn't show me the possibilty - the correct syntax is

aaa authorization commands default group TACSRV local

but - how can I use this command

aaa authorization commands default group TACSRV local

Can I define a collection of commands which is not default? Or what is this keyword intended to be used for?

0 Helpful

Go to solution
Dan-Ciprian Cicioiu
Level 7
Level 7
In response to tiwang

‎12-29-2010 03:50 AM

Hi ,

For now , as far as i now , there is no posibility to configure the level commands as on IOS

You have only : 

  commands         Authorization for all exec-mode comamnds
  config-commands  Authorization for config comamnds

Dan

0 Helpful
Customers Also Viewed These Support Documents