Showing results for 
Search instead for 
Did you mean: 

unreachable tacacs server


I was trying to remove old tacacs servers and add new servers on my switch as well as enable authorization. Unfortunately I remove all the tacacs-servers without putting the new server in the configuration. I am now locked out of the command set to revert the configuration change. Since there is no tacacs server configured to authorize my commands I am getting a authorization error:


sjDS01_720(config)#aaa authorization config-commands 

% Authorization failed.


How can I recover from this situation? I can ssh and connect via console but I cannot enable up. The window which I was in configuration terminal is still in conf t but I cannot use any commands because of the authorization command I entered:


aaa authorization config-commands
aaa authorization commands 15 default group tacacs+ 


The local accounts configured also can connect but cannot enable up. Here are the configurations settings prior to entering the commands above and deleting the tacacs server:

aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login NO_AUTHENT local
aaa authentication login access local line group tacacs+
aaa authentication enable default group tacacs+ enable
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+


0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers