Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2263
Views
5
Helpful
4
Replies

Backup AAA for PIX

Go to solution
collinss
Level 1
Level 1

‎04-21-2003 10:27 AM - edited ‎03-10-2019 07:15 AM

I have a PIX with the following configuration:

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ (inside) host 192.168.1.1 77777 timeout 5

aaa-server RADIUS protocol radius

aaa-server RADIUS (inside) host 192.168.1.1 77777 timeout 10

aaa-server LOCAL protocol local

aaa authentication serial console TACACS+

aaa authentication enable console TACACS+

aaa authorization command TACACS+

aaa accounting match aaa_acl inside RADIUS

Everything works fine when the TACACS server is available. When it is not available, I can login with the username "PIX" and "password" just fine. The problem is, once I've logged in, I cannot get proper authorization to perform any commands. Does anyone know of a command similar to the "if-authenticated" for routers that I can use?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎04-21-2003 04:43 PM

There is no backup authorization method for the PIX. As you're aware, if the TACACS server is down you can login with "pix" and the enable password, but that doesn't help for authorization. The only thing you can do is wait for the TACACS server to come back up. Sorry.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎04-21-2003 04:43 PM

There is no backup authorization method for the PIX. As you're aware, if the TACACS server is down you can login with "pix" and the enable password, but that doesn't help for authorization. The only thing you can do is wait for the TACACS server to come back up. Sorry.

0 Helpful

Go to solution
collinss
Level 1
Level 1
In response to gfullage

‎04-22-2003 04:03 AM

That's what I was afraid of. Thanks for the help.

0 Helpful

Go to solution
aessome
Level 1
Level 1
In response to gfullage

‎04-28-2003 07:15 AM

Hello guys,

i cann´t get tihs commad througth my PIX 535: Authorization and Accounting

------------------------------------------------------

TKFW101(config)# aaa authorization command acs1

service must be: "telnet", "ftp", "http", "tcp/0", "none", or "tcp/###"

Type help or '?' for a list of available commands.

TKFW101(config)#

----------------------

how dit you get it on your PIX ? i am running pix 0s 6.1(4)

thanks for any help

AE

Go to solution
mhoda
Level 5
Level 5
In response to aessome

‎05-15-2003 02:22 PM

Hi,

On version 6.1.4, you don't have the command authorization option. Thats why you are unable to enter it. It was first introduced in 6.2 code. Thanks,

Mynul

0 Helpful
Customers Also Viewed These Support Documents