03-15-2013 11:51 PM
Hi,
i miss the aaa and tacacs command order.
Now i can access the nexus but i am not able to config.
C2-BAL-NEXUS# sho run | i tacacs
feature tacacs+
aaa group server tacacs+ ACS
tacacs-server directed-request
C2-BAL-NEXUS# sho run | i aaa
aaa group server tacacs+ ACS
snmp-server enable traps aaa server-state-change
aaa authentication login default group ACS
aaa authentication login console group ACS
aaa authorization config-commands default group ACS
aaa authentication login error-enable
the error messages!
Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=17(0x11)
The reboot is very hard.
Any idea!!
Thank in advance!!
03-15-2013 11:52 PM
NEXUS 7010 SUP1 5.2.7
03-16-2013 12:14 AM
I have solved the problem!
03-16-2013 07:06 AM
Was it because you had no "tacacs-server key" entry?
03-18-2013 12:24 AM
Hi,
Yes!
The tacacs -server key and AAA server group were missing.
I found a little security hole ( or feature ) which permits the config in this case.
Regards,
03-10-2014 02:13 AM
can u guide us
how you solved
03-05-2014 08:03 PM
03-05-2014 08:55 PM
same issue for me
can u guide
AAA failed
but local username
sh run
Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=17(0x11)
03-06-2014 03:55 AM
Hi,
The most important that copy xxx.txt startup/runnning is working in this case as well.
This command merges the startup config and the commands in xxx .txt without authorization.
I think the command uses the shell privilige level w/o AAA.
You may lose nothing if you try it.
br
03-06-2014 09:05 PM
can u pls guide me in
acs 5.4
for above said changes
03-06-2014 09:16 PM
we configured this at nexus 7010 & failed
nexus 7010:
tacacs-server key 7 "admin123"
tacacs-server host *.*.*.*
tacacs-server host *.*.*.*
aaa group server tacacs+ tacacs+
server *.*.*.*
server *.*.*.*
deadtime 10
source-interface Vlan**
aaa authentication login default group tacacs+
aaa authentication login console group tacacs+
aaa authorization config-commands default group tacacs+
aaa authorization commands default group tacacs+
aaa authorization config-commands console group tacacs+
aaa authorization commands console group tacacs+
aaa accounting default group tacacs+
03-07-2014 01:06 AM
Hi,
It seems to be good. Please check the AAA key.
03-07-2014 07:18 PM
key mismatch
we have configured in Nexus tac key with cote "****"
but acs 5.4 not able to add with cote as "****"
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide