Backup AAA for PIX

collinss
Level 1

I have a PIX with the following configuration:

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ (inside) host 192.168.1.1 77777 timeout 5

aaa-server RADIUS protocol radius

aaa-server RADIUS (inside) host 192.168.1.1 77777 timeout 10

aaa-server LOCAL protocol local

aaa authentication serial console TACACS+

aaa authentication enable console TACACS+

aaa authorization command TACACS+

aaa accounting match aaa_acl inside RADIUS

Everything works fine when the TACACS server is available. When it is not available, I can log in with the username "PIX" and "password" just fine. The problem is, once I've logged in, I cannot get proper authorization to perform any commands. Does anyone know of a command similar to the "if-authenticated" for routers that I can use?

Accepted Solutions

gfullage
Cisco Employee

There is no backup authorization method for the PIX. As you're aware, if the TACACS server is down you can log in with "pix" and the enable password, but that doesn't help for authorization. The only thing you can do is wait for the TACACS server to come back up. Sorry.

That's what I was afraid of. Thanks for the help.

Hello guys,

I can't get this command through my PIX 535: Authorization and Accounting

------------------------------------------------------

TKFW101(config)# aaa authorization command acs1

service must be: "telnet", "ftp", "http", "tcp/0", "none", or "tcp/###"

Type help or '?' for a list of available commands.

TKFW101(config)#

----------------------

How did you get it on your PIX? I am running PIX OS 6.1(4).

Thanks for any help

AE

Hi,

On version 6.1.4, you don't have the command authorization option. That's why you are unable to enter it. It was first introduced in 6.2 code. Thanks,

Mynul
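
An added example (not from any poster in this thread and not Cisco code): a small Python check that reads a PIX configuration like the one in the original question and reports which server group command authorization depends on, so the lockout described in the accepted answer can be spotted before the server goes down. The function names and finding fields are hypothetical, and it assumes a group listing more than one host fails only when all of them are unreachable.

```python
import re

# Constructed sample input: the configuration quoted in the original question.
SAMPLE_CONFIG = """\
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (inside) host 192.168.1.1 77777 timeout 5
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 192.168.1.1 77777 timeout 10
aaa-server LOCAL protocol local
aaa authentication serial console TACACS+
aaa authentication enable console TACACS+
aaa authorization command TACACS+
aaa accounting match aaa_acl inside RADIUS
"""

PROTO_RE = re.compile(r"^aaa-server\s+(\S+)\s+protocol\s+(\S+)")
HOST_RE = re.compile(r"^aaa-server\s+(\S+)\s+\((\S+)\)\s+host\s+(\S+)")
AUTHZ_RE = re.compile(r"^aaa\s+authorization\s+command\s+(\S+)")

def parse_groups(config):
    """Map each aaa-server group tag to its protocol and its server hosts."""
    groups = {}
    for line in map(str.strip, config.splitlines()):
        if m := PROTO_RE.match(line):
            entry = groups.setdefault(m.group(1), {"protocol": None, "hosts": []})
            entry["protocol"] = m.group(2).lower()
        elif m := HOST_RE.match(line):
            entry = groups.setdefault(m.group(1), {"protocol": None, "hosts": []})
            entry["hosts"].append(m.group(3))
    return groups

def command_authz_findings(config):
    """Report every remote server group that command authorization relies on."""
    groups = parse_groups(config)
    findings = []
    for line in map(str.strip, config.splitlines()):
        m = AUTHZ_RE.match(line)
        if not m:
            continue
        tag = m.group(1)
        info = groups.get(tag, {"protocol": None, "hosts": []})
        if info["protocol"] == "local":
            continue  # a local group has no remote server to lose
        hosts = info["hosts"]
        # Other groups pointing at the same server go down with it.
        shared = sorted(g for g, i in groups.items()
                        if g != tag and set(i["hosts"]) & set(hosts))
        findings.append({"group": tag, "hosts": hosts,
                         "single_host": len(hosts) <= 1, "shared_with": shared})
    return findings
```

For the configuration in the question it reports that command authorization hangs on the single server 192.168.1.1, which the RADIUS accounting group also uses.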