This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
I am trying to provide limited access on Nexus 7k using ACS 5.4 via TACACS. I used the following in my shell profile
REQUIREMENT: mandatory (even tried optional)
Everything seems to work, but I cannot ping/traceroute and receive this error, from the Nexus 7k.
Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=16(0x10)
Could you share the AAA configuration on the Nexus?
aaa authentication login default group CORP_ACS
aaa authentication login console local
aaa authorization commands default group CORP_ACS local
aaa accounting default group CORP_ACS
aaa authentication login error-enable
aaa group server tacacs+ CORP_ACS
You should not have command authorization when you use RBAC.
Kindly remove: aaa authorization commands default group CORP_ACS local
and check again.