
NEXUS TACACS AAA SOS PLS

Hi,

I missed the AAA and TACACS command order.

Now I can access the Nexus but I am not able to configure it.

C2-BAL-NEXUS# sho run | i tacacs

feature tacacs+

aaa group server tacacs+ ACS

tacacs-server directed-request

C2-BAL-NEXUS# sho run | i aaa

aaa group server tacacs+ ACS

snmp-server enable traps aaa server-state-change

aaa authentication login default group ACS

aaa authentication login console group ACS

aaa authorization config-commands default group ACS

aaa authentication login error-enable

The error messages!

Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=17(0x11)

The reboot is very hard.

Any idea!!

Thanks in advance!!

12 REPLIES 12
Highlighted
Explorer

NEXUS 7010 SUP1 5.2.7

Highlighted

I have solved the problem!

Highlighted

Was it because you had no "tacacs-server key" entry?

Highlighted

Hi,

Yes!

The tacacs-server key and AAA server group were missing.

I found a little security hole (or feature) which permits the config in this case.

Regards,
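
The failure confirmed in the reply above (config authorization pointed at a TACACS+ group with no servers and no key) can be caught before the config is applied. This Python check is an added example, not part of the thread; the function name, the 192.0.2.10 address and the key placeholder are constructed, and the `local` fallback keyword on `aaa authorization` lines is NX-OS syntax that the thread itself does not show.

```python
import re

GROUP_RE = re.compile(r"^aaa group server tacacs\+ (\S+)")
HOST_RE = re.compile(r"^tacacs-server host (\S+)(.*)")
AUTHOR_RE = re.compile(r"^aaa authorization \S+ \S+ group (.+)")

def lint_nxos_aaa(config):
    """Flag AAA authorization lines that depend on an unusable TACACS+ group."""
    groups, hosts, author, global_key, current = {}, {}, [], False, None
    for raw in filter(str.strip, config.splitlines()):
        line = raw.strip()
        if raw[0].isspace() and current:      # sub-command of a server group
            if line.startswith("server "):
                groups[current].add(line.split()[1])
            continue
        current = None
        if m := GROUP_RE.match(line):
            current = m.group(1)
            groups.setdefault(current, set())
        elif m := HOST_RE.match(line):
            hosts[m.group(1)] = " key " in m.group(2)   # True if per-host key
        elif line.startswith("tacacs-server key "):
            global_key = True
        elif m := AUTHOR_RE.match(line):
            author.append((line, m.group(1).split()))
    findings = []
    for line, methods in author:
        if "local" not in methods:
            findings.append(f"no local fallback: {line}")
        for name in (x for x in methods if x != "local"):
            members = groups.get(name, set())
            if not members:
                findings.append(f"group {name} has no servers: {line}")
            for srv in sorted(members):
                if srv not in hosts:
                    findings.append(f"server {srv} has no tacacs-server host entry")
                elif not (global_key or hosts[srv]):
                    findings.append(f"server {srv} has no shared key")
    return findings

# Relevant lines from the first post's "sho run | i" output.
BROKEN = """aaa group server tacacs+ ACS
aaa authorization config-commands default group ACS"""
# Constructed repaired config: address and key are placeholders (assumptions).
FIXED = """tacacs-server key 7 "<key-placeholder>"
tacacs-server host 192.0.2.10
aaa group server tacacs+ ACS
    server 192.0.2.10
aaa authorization config-commands default group ACS local"""
```

Running `lint_nxos_aaa(BROKEN)` reports both the empty server group and the missing local fallback, while `FIXED` returns no findings.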

Highlighted

Can you guide us on how you solved it?

Highlighted
Beginner

I have the same issue.

Please guide me on what changes you made.

by

subramani

subramanian.ntwengr@gmail.com

Thanks

Highlighted
Beginner

Same issue for me.

Can you guide me?

AAA failed

but local username

sh run

Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=17(0x11)

Highlighted

Hi,

The most important thing is that copy xxx.txt startup/running works in this case as well.

This command merges the startup config and the commands in xxx.txt without authorization.

I think the command uses the shell privilege level w/o AAA.

You may lose nothing if you try it.

br

Highlighted

Can you please guide me in ACS 5.4 for the above-said changes?

Highlighted

We configured this on the Nexus 7010 and it failed.

nexus 7010:

tacacs-server key 7 "admin123"

tacacs-server host *.*.*.*

tacacs-server host *.*.*.*

aaa group server tacacs+ tacacs+

    server *.*.*.* 

    server *.*.*.* 

    deadtime 10

    source-interface Vlan**

aaa authentication login default group tacacs+

aaa authentication login console group tacacs+

aaa authorization config-commands default group tacacs+

aaa authorization commands default group tacacs+

aaa authorization config-commands console group tacacs+

aaa authorization commands console group tacacs+

aaa accounting default group tacacs+

Highlighted

Hi,

It seems to be good. Please check the AAA key.

Highlighted

Key mismatch.

We have configured the TACACS key on the Nexus with quotes, "****",

but ACS 5.4 is not able to add it with quotes as "****".
