01-11-2024 02:51 AM - edited 01-11-2024 02:54 AM
Dear Community,
We currently utilize Cisco ISE 2.4 for TACACS implementation to authorize user access to network devices. We are encountering a challenge during the migration process from a Cisco C3900 router to a new Router C8300 while maintaining the same TACACS configuration on both routers.
Upon successful user authentication for accessing the Cisco C8300 router, we encounter an '%Authorization Failed' error when attempting to execute any command.
================================================================
Configuration on both Routers for TACACS:
no logging console
enable password *****
!
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
!
ip tacacs source-interface Port-channel1
!
tacacs-server host X.X.X.X
tacacs-server key ******
================================================================
Configuration on Cisco ISE for TACACS is attached
===============================================================
NOTE: it's working fine with Router C3900
We appreciate your assistance in identifying and resolving the underlying issue.
Sincerely
Omran Mohamed
01-11-2024 03:04 AM
You cannot use an L2 interface as the source to the TACACS server.
MHM
01-11-2024 03:15 AM
Dear MHM,
We appreciate your feedback and assure you that we will carefully consider your feedback to promptly address the issue at hand. I will keep you informed of the outcome. Thank you for bringing this to our attention.
Omran Mohamed