
router 2921 aaa post authorization status = error

oa9408301
Level 1

Hello,

I have an ACS 5.4 in use. The authentication protocol in use is TACACS.

When I want to authenticate a normal router 2921 with MAC address,

I try to configure a router 2921 on ACS 5.4 to authorize an ACS internal user, but the authentication rejects the access.

Is there any difference in attribute and value between router 2921?


Here are the AAA settings on the router

aaa authentication login ACS group tacacs+ line
aaa authorization console
aaa authorization config-commands
aaa authorization exec ACS group tacacs+ none
aaa authorization commands 0 ACS group tacacs+ none
aaa authorization commands 1 ACS group tacacs+ none
aaa authorization commands 15 ACS group tacacs+ none
aaa accounting exec ACS start-stop group tacacs+
aaa accounting commands 0 ACS start-stop group tacacs+
aaa accounting commands 1 ACS start-stop group tacacs+
aaa accounting commands 15 ACS start-stop group tacacs+


tacacs-server host x.x.x.x
tacacs-server directed-request
tacacs-server key <key>

line vty 0 4
 exec-timeout 5 0
 privilege level 15
 authorization exec ACS
 accounting commands 0 ACS
 accounting commands 1 ACS
 accounting commands 15 ACS
 accounting exec ACS
 transport input telnet


Thanks!

1 Reply

nspasov
Cisco Employee

Can you share screenshots from the "Identity" and "Authorization" pages in the "Access Policies" section from your ACS?

Also, you should have the following command under your vty lines:

login authentication ACS

Thank you for rating helpful posts!
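
The gap the reply points to (the vty block applies the ACS list for authorization and accounting but never for login) can be checked mechanically. The following is an added example, not part of the original thread: a Python audit that flags line blocks using named AAA lists without `login authentication`, or referencing a list that no `aaa` statement defines. The sample config is constructed from the post; the function name and finding codes are hypothetical.

```python
import re

# Constructed sample: AAA lists and vty block abridged from the post above.
SAMPLE_CONFIG = """\
aaa authentication login ACS group tacacs+ line
aaa authorization exec ACS group tacacs+ none
aaa accounting exec ACS start-stop group tacacs+
aaa accounting commands 15 ACS start-stop group tacacs+
line vty 0 4
 privilege level 15
 authorization exec ACS
 accounting commands 15 ACS
 accounting exec ACS
 transport input telnet
"""

SERVICES = (r"authentication login|authorization exec|authorization commands \d+"
            r"|accounting exec|accounting commands \d+")
# Global definition: aaa <service> <list-name> <methods...>
DEF_RE = re.compile(rf"^aaa ({SERVICES}) (\S+) \S")
# Reference under a line block: <service> <list-name>
REF_RE = re.compile(rf"^(login authentication|{SERVICES}) (\S+)$")

def audit_aaa_lines(config):
    """Return (line_block, finding_code, detail) tuples; codes are hypothetical."""
    defined, refs, current = set(), {}, None
    for raw in config.splitlines():
        if not raw.startswith(" "):              # top-level command
            current = raw.strip() if raw.startswith("line ") else None
            if current:
                refs[current] = {}
            m = DEF_RE.match(raw)
            if m:
                defined.add((m.group(1), m.group(2)))
        elif current:                            # sub-command of a line block
            m = REF_RE.match(raw.strip())
            if m:
                svc = m.group(1).replace("login authentication", "authentication login")
                refs[current][svc] = m.group(2)
    findings = []
    for block, used in refs.items():
        for svc, name in used.items():
            if name != "default" and (svc, name) not in defined:
                findings.append((block, "undefined-list", f"{svc} {name}"))
        if used and "authentication login" not in used:
            lists = ",".join(sorted(set(used.values())))
            findings.append((block, "missing-login-authentication", lists))
    return findings

if __name__ == "__main__":
    for finding in audit_aaa_lines(SAMPLE_CONFIG):
        print(finding)
```
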
