04-16-2010 12:01 PM - edited 03-10-2019 05:04 PM
Greetings!
I need your support. We are using TACACS in our environment to access the network devices. Now when I want to connect to the 6500 which is running in VSS mode, I can login successfully. However, the first command I initiate, is prompted back with the "Command authorization failed." message. If I repeat the same command directly, everything is fine and the command is running well. This is only for the first command.
On any other switches we have the same configuration and don't see this. This IOS is Version 12.2(33)SXI2a.
Any Idea how I can resolve this issue?
Cheers
Andreas
04-16-2010 04:27 PM
That seems to be the Bootstrap image version. I'd guess it's actually running some sort of IOS 12.2(33)SX?#. Can you post the "show version" and all AAA-related configs ("x"-ing out the sensitive bits of course).
04-18-2010 11:47 PM
Hi,
here we go:
sh ver
Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9_WAN-M), Version 12.2(33)SXI2a, RELEASE SOFTWARE (fc2)
ROM: System Bootstrap, Version 12.2(17r)SX5, RELEASE SOFTWARE (fc1)
all AAA-related configs
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 0 default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 7 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 7 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
aaa authentication login default group tacacs+ local
ip tacacs source-interface Vlan...
tacacs-server host ... single-connection
tacacs-server host ... single-connection
tacacs-server directed-request
Thanks
Andreas
05-05-2010 03:59 AM
Hey guys,
does nobody has an idea on this?
Regards
Andreas
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide