07-31-2006 05:21 AM - edited 03-10-2019 02:41 PM
I've configured the 2950 as below and configured ACS correctly and I can login to the 2950 using this config, the problem lies after I go into enable and try any command I get the following error Command authorization failed.
What have I missed out of the config that will allow me to run any commands?
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization network default group tacacs+ local if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
tacacs-server host ***.***.***
tacacs-server key 7 ***********
Thanks in advance.
Jon
Solved! Go to Solution.
07-31-2006 05:53 AM
Hi Jon,
The switch's AAA looks ok, maybe you need to take a look at your ACS.
Check the following info, where you might need to apply it into your ACS config:
rgds,
AK
07-31-2006 05:53 AM
Hi Jon,
The switch's AAA looks ok, maybe you need to take a look at your ACS.
Check the following info, where you might need to apply it into your ACS config:
rgds,
AK
07-31-2006 08:31 AM
I will agree with AK that I do not see any obvious problems with the aaa configuration on the switch. I note that you specify authorization for level 15 commands. My guess is that in the configuration of ACS you are not allowing these commands for this user ID. A quick way to verify this would be to remove the aaa authorization for level 15 commands from the switch config and see if the behavior changes.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide