03-06-2020 10:51 PM
Hello,
I trying out ISE device administration, wanted to restrict for a user to send command 'username', so below is how I set TACACS+ profile and command sets.
TACACS+ profile
priv-lvl=4
command set
But when I tried to login, command username successfully get passed. Am I configuring it wrong, please guide.
Below username command actually sent without AAA error.
nexus88# config t
Enter configuration commands, one per line. End with CNTL/Z.
nexus88(config)# username ISE
warning: password for user:ISE not set. S/he may not be able to login
user steve does not have domain access to config Mo, class aaaUser
nexus88(config)# do sh ip int brief
Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=16(0x10)
nexus88(config)#
Thanks,
Mohan
03-07-2020 06:51 AM
Hi,
You gave not too much info to help out. Check that both Nexus and ISE are configured properly first. Look here, in the Nexus section:
Regards,
Cristian Matei.
06-13-2020 06:22 AM
06-13-2020 07:00 AM
As Christian has mentioned you have not provided enough information on the issue you are facing. Check the TACACS live logs to see what policy and command set is being used.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide