11-19-2013 01:34 PM - edited 03-10-2019 09:06 PM
Hi,
I am using the command structure below, the same as on all of our other routers. However, when I attempt to type commands it says "Authorization failed." The only difference between this router and our others is that it is a Cisco ASR1001. Is there any special configuration required for this router that I am missing?
aaa authentication login default group TACACS-SERVERS local
aaa authorization exec default group TACACS-SERVERS local
aaa authorization commands 1 default group TACACS-SERVERS local
aaa authorization commands 15 default group TACACS-SERVERS local
aaa accounting exec default start-stop group TACACS-SERVERS
aaa accounting commands 1 default start-stop group TACACS-SERVERS
aaa accounting commands 15 default start-stop group TACACS-SERVERS
aaa accounting connection default start-stop group TACACS-SERVERS
aaa accounting system default start-stop group TACACS-SERVERS
11-19-2013 06:55 PM
When you log in to the router are you authenticating with your TACACS credentials or with the local credentials? I am guessing that it is the local credentials and that the router is not authenticating or authorizing with the TACACS server. If that is correct you should investigate and find the cause of the failure to use TACACS.
I would also suggest a change that might be helpful. Change this line from
aaa authorization commands 15 default group TACACS-SERVERS local
to
aaa authorization commands 15 default group TACACS-SERVERS if-authenticated
HTH
Rick
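Added example, not part of the reply above and not Cisco code: a short Python audit that parses `aaa authorization` lines and reports what each method list falls back to. It relies on IOS moving to the next method in a list only when the previous one does not respond; the sample config is constructed from the lines in this thread, and the function names are made up for the example.

```python
import re

# Constructed sample: the thread's authorization lines with the suggested
# change applied to privilege level 15 only.
SAMPLE_CONFIG = """\
aaa authorization exec default group TACACS-SERVERS local
aaa authorization commands 1 default group TACACS-SERVERS local
aaa authorization commands 15 default group TACACS-SERVERS if-authenticated
aaa accounting commands 15 default start-stop group TACACS-SERVERS
"""

AUTHZ_RE = re.compile(r"^aaa authorization (exec|commands \d+) (\S+) (.+)$")

def parse_methods(text):
    """Split a method list, keeping 'group NAME' together as one method."""
    tokens, methods = text.split(), []
    while tokens:
        tok = tokens.pop(0)
        if tok == "group" and tokens:
            tok += " " + tokens.pop(0)
        methods.append(tok)
    return methods

def authorization_lists(config):
    """Map (service, list name) to the ordered methods of each authorization line."""
    lists = {}
    for line in config.splitlines():
        m = AUTHZ_RE.match(line.strip())
        if m:
            lists[(m.group(1), m.group(2))] = parse_methods(m.group(3))
    return lists

def audit(config):
    """Report what applies when the server group does not respond."""
    lists, findings, by_name = authorization_lists(config), [], {}
    for (service, name), methods in lists.items():
        fallback = methods[1:] if methods[0].startswith("group ") else methods
        if not fallback:
            findings.append(f"{service}/{name}: no fallback after {methods[0]}")
        elif "none" in fallback:
            findings.append(f"{service}/{name}: falls back to 'none'")
        if service.startswith("commands"):
            by_name.setdefault(name, set()).add(tuple(methods))
    for name, variants in by_name.items():
        if len(variants) > 1:
            findings.append(f"commands/{name}: privilege levels use different method lists")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Run against a saved running-config, this makes it easy to see whether every privilege level ends up with the same fallback after a change like the one suggested above.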
11-20-2013 05:59 AM
Thanks a bunch! Issues fixed!
11-20-2013 08:18 AM
I am glad that the issue is fixed and that my suggestion was helpful. Thank you for posting back to the forum to let us know that it is fixed and for using the rating system to mark this question as answered.
HTH
Rick