command authorization failed when logging Cisco Switch 9300 only via ssh
09-07-2020 12:40 AM
Hi Cisco Community, hope you can help me, I have this issue driving me crazy. I just replaced 3650 dual-stack switches with 9300s, copied and pasted as I did for other switches, but since then I am able to remote into the switch via SSH with local credentials but get the below error with all CLI commands. Also TACACS logon doesn't work, but the 2960 switches are all working fine local/TACACS:
login as: admin
Using keyboard-interactive authentication.
Password:
SWCORE>en
Password:
SWCORE#sh run
Command authorization failed.
SWCORE#
No problem when logging in via console with local admin; see below AAA/TACACS settings:
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication login async none
aaa authentication ppp default local
aaa authorization commands 1 default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
!
line con 0
 session-timeout 5
 exec-timeout 5 0
 stopbits 1
line vty 0 4
 session-timeout 5
 access-class 95 in
 exec-timeout 5 0
 length 0
 transport preferred none
 transport input ssh
 transport output ssh
line vty 5 15
 no exec
 transport input none
!
Thanks for the Help
John
Labels: AAA
09-07-2020 12:56 AM
Here is the working template:
aaa new-model
aaa group server tacacs+ tacacsgroup
aaa authentication login default group tacacsgroup local
aaa authentication enable default group tacacsgroup enable
aaa authorization exec default group tacacsgroup local if-authenticated
aaa accounting commands 1 default start-stop group tacacsgroup
aaa accounting commands 15 default start-stop group tacacsgroup
tacacs server tacacs1
 address ipv4 10.10.10.10 <<- replace with your Server
 key 7 xxxx <-- your
aaa group server tacacs+ tacacsgroup
 server name tacacs1
For testing, remove the below line:
line vty 0 4
 session-timeout 5
 no access-class 95 in
 exec-timeout 5 0
 length 0
 no transport preferred none
 transport input ssh
 transport output ssh
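As an added example (not from this thread or from Cisco), a small Python audit that walks an IOS AAA fragment and flags the points on which the two configurations above differ: method lists that point at `group tacacs+` while no TACACS+ server is configured, server groups or servers that are referenced but never defined, and authentication or authorization lists whose final method is `none`. The two sample configs are constructed from the posts above; the 192.0.2.10 address is a placeholder.

```python
# Constructed sample: the AAA lines from the question above; no TACACS+ server is defined.
QUESTION_CFG = """\
aaa authentication login default group tacacs+ local
aaa authentication login async none
aaa authorization commands 15 default group tacacs+ none
aaa accounting commands 15 default start-stop group tacacs+
"""

# Constructed sample: the reply's template, with a documentation-range placeholder address.
TEMPLATE_CFG = """\
aaa group server tacacs+ tacacsgroup
 server name tacacs1
aaa authentication login default group tacacsgroup local
aaa authorization exec default group tacacsgroup local if-authenticated
aaa accounting commands 15 default start-stop group tacacsgroup
tacacs server tacacs1
 address ipv4 192.0.2.10
"""

def audit_aaa(config: str) -> list:
    """Return 'CODE: detail' findings for an IOS AAA configuration fragment."""
    raw = [l.rstrip() for l in config.splitlines() if l.strip()]
    groups = {l.split()[4] for l in raw if l.startswith("aaa group server tacacs+ ")}
    servers = {l.split()[2] for l in raw if l.startswith("tacacs server ")}
    legacy = any(l.startswith("tacacs-server host ") for l in raw)
    findings, group = [], None
    for line in raw:
        toks = line.split()
        if not line.startswith(" "):  # top-level line: enter or leave a server-group block
            group = toks[4] if line.startswith("aaa group server tacacs+ ") else None
        if group and toks[:2] == ["server", "name"] and toks[2] not in servers:
            findings.append(f"UNDEFINED_SERVER: group '{group}' lists '{toks[2]}', which is not configured")
        if toks[0] != "aaa" or toks[1] not in ("authentication", "authorization", "accounting"):
            continue
        kind, sub, rest = toks[1], toks[2], toks[3:]
        if sub == "commands":  # 'commands <level>' carries a privilege level before the list name
            sub, rest = f"commands {rest[0]}", rest[1:]
        name, methods = rest[0], rest[1:]
        if kind == "accounting" and methods and methods[0] in {"start-stop", "stop-only", "wait-start", "none"}:
            methods = methods[1:]  # drop the record type, keep the method list
        where = f"{kind} {sub} '{name}'"
        for g in (methods[i + 1] for i, t in enumerate(methods[:-1]) if t == "group"):
            if g == "tacacs+" and not (servers or legacy):
                findings.append(f"NO_SERVER: {where} uses group tacacs+ but no TACACS+ server is configured")
            elif g != "tacacs+" and g not in groups:
                findings.append(f"UNDEFINED_GROUP: {where} references undefined group '{g}'")
        if kind != "accounting" and methods and methods[-1] == "none":
            findings.append(f"OPEN_FALLBACK: {where} ends in 'none': when every server errors, the request passes unchecked")
    return findings
```

Running `audit_aaa(QUESTION_CFG)` reports the missing server for every list that names `group tacacs+` plus the two `none` fallbacks, while the template config comes back clean.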
