Long ago, I had a AAA paragraph on all of my routers that resembled:
aaa authentication login default group tacacs+ local
aaa authentication login console line
aaa authentication login HTTPonly group tacacs+ local
aaa authentication ppp default local
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization exec HTTPonly group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization commands 15 HTTPonly group tacacs+ local
aaa accounting exec default
action-type start-stop
group tacacs+
!
aaa accounting commands 15 default
action-type start-stop
group tacacs+
!
aaa accounting network default
action-type start-stop
group tacacs+
!
aaa accounting connection default
action-type start-stop
group tacacs+
!
aaa accounting system default
action-type start-stop
group tacacs+
We've since updated the AAA paragraph to be a bit more modern, namely:
aaa new-model
aaa group server tacacs+ ADMIN
server name mwacs5
server name mbacs5
ip tacacs source-interface Vlan255
aaa authentication login default group ADMIN local
aaa authorization exec default group ADMIN if-authenticated
aaa authorization exec default group ADMIN if-authenticated
aaa accounting update newinfo periodic 2880
aaa accounting exec default start-stop group ADMIN
aaa accounting connection default start-stop group ADMIN
aaa accounting system default start-stop group ADMIN
This works fine everywhere except on our 4451 ISR routers, which are running IOS 15.4.3 (universal). The old version works fine on the 4451, but we want one template that works everywhere. What is different about these guys?