cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5374
Views
10
Helpful
4
Replies

ACS 5.2 - Unable to Map Command Set to Shell Profile

millerdl
Level 1
Level 1

Hi everyone,

I am in the process of setting up ACS 5.2 for a network and have run into an issue when attempting to apply the following aaa commands to a network device:

aaa authorization exec default group tacacs+ local if-authenticated

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ local if-authenticated

      

Once the commands have been applied to the device configuration I get "command authorization failed" when attempting to do anything.  Taking a quick look at the TACACS Authorization reports I see a failure reason of "13025 Command failed to match a Permit rule" and under the Selected Command Set "DenyAllCommands" is listed. 

After doing a bit of searching, I noticed some articles online that indicate I should be able to specify the appropriate command set to the authorization profile under the Default Device Admin policy.  However, when I open up a Device Aministration Authorization Policy, nowhere in the window does it display command sets that I can select from. 

Any thoughts?  Is there something I'm missing somewhere else?  Thank you in advance for your assistance.

1 Accepted Solution

Accepted Solutions

mauzamor
Level 1
Level 1

Hi there,

This is a very common situation, the problem here is that the Command Set option is not enabled by default. You need to customize the Authorization page using the "Customize button" at the bottom right of the page. Move the "Command Set" option to the right and click Submit, check the screenshots below:

After that you will be able to assign the "Command Set" value.

Rate if it helps!

View solution in original post

4 Replies 4

mauzamor
Level 1
Level 1

Hi there,

This is a very common situation, the problem here is that the Command Set option is not enabled by default. You need to customize the Authorization page using the "Customize button" at the bottom right of the page. Move the "Command Set" option to the right and click Submit, check the screenshots below:

After that you will be able to assign the "Command Set" value.

Rate if it helps!

Thank you kindly Mauricio!  That remedied the issue and I'm now in business.

Best Regards,

Dan Miller

Thank you mauricio!!!, I was like 2 hours trying to figure out by my  seft! but I couldnt, Why isnt this option enabled by default!!

Thank you, this has helped me a lot!