Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4794
Views
10
Helpful
4
Replies

ACS 5.2 - Unable to Map Command Set to Shell Profile

Go to solution
millerdl
Level 1
Level 1

‎06-01-2012 09:48 AM - edited ‎03-10-2019 07:09 PM

Hi everyone,

I am in the process of setting up ACS 5.2 for a network and have run into an issue when attempting to apply the following aaa commands to a network device:

aaa authorization exec default group tacacs+ local if-authenticated

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ local if-authenticated

      

Once the commands have been applied to the device configuration I get "command authorization failed" when attempting to do anything.  Taking a quick look at the TACACS Authorization reports I see a failure reason of "13025 Command failed to match a Permit rule" and under the Selected Command Set "DenyAllCommands" is listed. 

After doing a bit of searching, I noticed some articles online that indicate I should be able to specify the appropriate command set to the authorization profile under the Default Device Admin policy.  However, when I open up a Device Aministration Authorization Policy, nowhere in the window does it display command sets that I can select from. 

Any thoughts?  Is there something I'm missing somewhere else?  Thank you in advance for your assistance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
mauzamor
Level 1
Level 1

‎06-01-2012 10:28 AM

Hi there,

This is a very common situation, the problem here is that the Command Set option is not enabled by default. You need to customize the Authorization page using the "Customize button" at the bottom right of the page. Move the "Command Set" option to the right and click Submit, check the screenshots below:

After that you will be able to assign the "Command Set" value.

Rate if it helps!

View solution in original post

4 Replies 4

Go to solution
mauzamor
Level 1
Level 1

‎06-01-2012 10:28 AM

Hi there,

This is a very common situation, the problem here is that the Command Set option is not enabled by default. You need to customize the Authorization page using the "Customize button" at the bottom right of the page. Move the "Command Set" option to the right and click Submit, check the screenshots below:

After that you will be able to assign the "Command Set" value.

Rate if it helps!

Go to solution
millerdl
Level 1
Level 1
In response to mauzamor

‎06-01-2012 02:17 PM

Thank you kindly Mauricio!  That remedied the issue and I'm now in business.

Best Regards,

Dan Miller

0 Helpful

Go to solution
alexandersoliz
Level 1
Level 1
In response to mauzamor

‎08-24-2012 08:45 AM

Thank you mauricio!!!, I was like 2 hours trying to figure out by my  seft! but I couldnt, Why isnt this option enabled by default!!

0 Helpful

Go to solution
lmediavilla
Level 1
Level 1
In response to mauzamor

‎08-30-2012 12:44 AM

Thank you, this has helped me a lot!

0 Helpful
Customers Also Viewed These Support Documents