Re: ACSv3.3 problem with range if config

muratayas · ‎04-07-2010

Hi,

i have a problem with the command on Cisco Device when i configure a range of Interface then i have this messages:

% Authorization failed.

EYAMPLE: 1

rw-sw-19#conf t

Enter configuration commands, one per line. End with CNTL/Z.

rw-sw-19(config)#interface range Fa0/3 - 24

rw-sw-19(config-if-range)#switchport voice vlan 1201

% Authorization failed.

rw-sw-19(config-if-range)#power inline auto

% Authorization failed.

rw-sw-19(config-if-range)#end

EYAMPLE: 2

rw-sw-03(config)#interface range Fa0/2 - 48

rw-sw-03(config-if-range)#switchport voice vlan 1501

% Authorization failed.

rw-sw-03(config-if-range)#power inline auto

% Authorization failed.

rw-sw-03(config-if-range)#end

rw-sw-03#

I can reproduce this problem as often as you want.

Just enter the same commands.

The number of “ % Authorization failed” may differ, but you should be able to get them.

I have notice this, because I use a script to configure the VoIP VLAN on these switch.

I notice that this problem has ONLY happen on switch which are POE.

With the switch which are not POE, I did not see this problem up to now.

I look the Group setup on the ACS and see that the enable options is : Max Privilege for any AAA Client Level 15

Can it be an Tacacs problem or is this maybe a cisco device problem.

regards,

murat ayas

Jagdeep Gambhir · ‎04-07-2010

Do we see any hits in failed attempts of ACS? When ACS denies any request we get "Command Authorization failed" but here we see % Authorization failed.

Please enable debug and see if it tries to send authorization request to ACS or not. If there are no authorization debug then issue is with device it self.

debug tacacs

debug aaa authorization

Regards,

~JG

Do rate helpful posts

muratayas · ‎04-09-2010

Hi Gambhir,

i have now the switchlog and i see in the log a timeout. I attach this log, but i dont now what i can do :-(

regards,

murat