cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

938
Views
0
Helpful
3
Replies
Highlighted
Beginner

TACACS+ Authorization Failed ASR1001

Hi,

I am using the below command structure the same as all of other routers. However, when I attempt to type commands it says "Authorization failed." The only difference between this routers and our others is it is an Cisco ASR1001. Is there any special configuration required for this router that I am missing?

aaa authentication login default group TACACS-SERVERS local

aaa authorization exec default group TACACS-SERVERS local

aaa authorization commands 1 default group TACACS-SERVERS local

aaa authorization commands 15 default group TACACS-SERVERS local

aaa accounting exec default start-stop group TACACS-SERVERS

aaa accounting commands 1 default start-stop group TACACS-SERVERS

aaa accounting commands 15 default start-stop group TACACS-SERVERS

aaa accounting connection default start-stop group TACACS-SERVERS

aaa accounting system default start-stop group TACACS-SERVERS

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Hall of Fame Master

TACACS+ Authorization Failed ASR1001

When you log in to the router are you authenticating with your TACACS credentials or with the local credentials? I am guessing that it is the local credentials and that the router is not authenticating or authorizing with the TACACS server. If that is correct you should investigate and find the cause of the failure to use TACACS.

I would also suggest a change that might be helpful. Change this line from

aaa authorization commands 15 default group TACACS-SERVERS local

to

aaa authorization commands 15 default group TACACS-SERVERS if-authenticated

HTH

Rick

HTH

Rick

View solution in original post

3 REPLIES 3
Highlighted
Hall of Fame Master

TACACS+ Authorization Failed ASR1001

When you log in to the router are you authenticating with your TACACS credentials or with the local credentials? I am guessing that it is the local credentials and that the router is not authenticating or authorizing with the TACACS server. If that is correct you should investigate and find the cause of the failure to use TACACS.

I would also suggest a change that might be helpful. Change this line from

aaa authorization commands 15 default group TACACS-SERVERS local

to

aaa authorization commands 15 default group TACACS-SERVERS if-authenticated

HTH

Rick

HTH

Rick

View solution in original post

Highlighted
Beginner

TACACS+ Authorization Failed ASR1001

Thanks a bunch! Issues fixed!

Highlighted
Hall of Fame Master

TACACS+ Authorization Failed ASR1001

I am glad that the issue is fixed and that my suggestion was helpful. Thank you for posting back to the forum to let us know that it is fixed and for using the rating system to mark this question as answered.

HTH

Rick

HTH

Rick