TACACS: first command authentication failed

Greetings!

I need your support. We are using TACACS in our environment to access the network devices. Now when I want to connect to the 6500, which is running in VSS mode, I can log in successfully. However, the first command I initiate is prompted back with the "Command authorization failed." message. If I repeat the same command directly, everything is fine and the command is running well. This is only for the first command.

On any other switches we have the same configuration and don't see this. This IOS is Version 12.2(33)SXI2a.

Any idea how I can resolve this issue?

Cheers

Andreas

3 Replies

yjdabear
VIP Alumni

That seems to be the Bootstrap image version. I'd guess it's actually running some sort of IOS 12.2(33)SX?#. Can you post the "show version" and all AAA-related configs ("x"-ing out the sensitive bits of course)?

Hi,

here we go:

sh ver
Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9_WAN-M), Version 12.2(33)SXI2a, RELEASE SOFTWARE (fc2)
ROM: System Bootstrap, Version 12.2(17r)SX5, RELEASE SOFTWARE (fc1)

all AAA-related configs

aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 0 default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 7 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 7 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
aaa authentication login default group tacacs+ local
ip tacacs source-interface Vlan...
tacacs-server host ... single-connection
tacacs-server host ... single-connection
tacacs-server directed-request

Thanks

Andreas

Hey guys,

does nobody have an idea on this?

Regards

Andreas