09-19-2018 03:33 AM - edited 03-05-2019 10:55 AM
Hi All,
I have a doubt regarding the aaa authorization command. I logged in to the device using my TACACS ID, and then I removed the aaa authorization command, specifically:
no aaa authorization commands 15 default group tacacs+ local
Initially I thought that I wouldn't be able to run any more commands, as it would show an authorization failure, but while testing I found that I can run all commands in config mode from that telnet session or from any other telnet session. Could anyone please explain the function of this command in detail, and the reason for this?
09-19-2018 03:47 AM
Hi there,
By removing aaa authorization commands 15 default group tacacs+ local you are removing the requirement for the device to check the commands of users with Level 15 permissions.
Therefore, providing you have successfully authenticated with priv15 level access, you will be able to run any command.
Cheers,
Seb.
09-19-2018 03:39 AM
Hi,
Q: Found that I can run all commands in config mode from that telnet session?
Ans: You can run all commands permitted to your account after this because you are already logged in and the switch or router will not check authentication again. After the session time, or when trying with another account, the login will fail.
Please explain your second question: how are you trying, and did you try from the same system and the same username? Also share the running configuration so we can check what the reason was.
Regards,
Deepak Kumar
09-19-2018 03:43 AM
Yes, after removing this command I tried from the same session and from another session too, but everything was working fine. I was using my TACACS ID each time. I can easily log in, get into config mode and then execute other commands, and all worked well.
09-19-2018 03:51 AM - edited 09-19-2018 03:52 AM
Hi,
I got your question. If you remove the command aaa authorization commands 15 default group tacacs+ local, then there will be no impact to the session. You are removing the requirement to check the commands of users with Level 15 permissions.
Regards,
Deepak Kumar
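Added example, not part of the original thread or any Cisco tooling: a small audit that reads a running-config and reports whether level 15 commands are still sent for authorization, which is the behaviour the replies above describe. The two configs, the function names and the treatment of "none" and "if-authenticated" as "no per-command check" are assumptions made for this illustration.

```python
import re

# Matches e.g. "aaa authorization commands 15 default group tacacs+ local"
AUTHZ_RE = re.compile(r"^aaa authorization commands (\d+) (\S+) (.+)$")

# Constructed sample configs: the same device before and after the "no ..." command.
BEFORE = """aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
"""
AFTER = BEFORE.replace(
    "aaa authorization commands 15 default group tacacs+ local\n", "")

def command_authz_lists(running_config):
    """Return {(level, list_name): [methods]} for each command-authorization list."""
    lists = {}
    for raw in running_config.splitlines():
        m = AUTHZ_RE.match(raw.strip())
        if m:
            lists[(int(m.group(1)), m.group(2))] = m.group(3).split()
    return lists

def audit_level(running_config, level=15):
    """Describe how commands at `level` are authorized under the default list."""
    methods = command_authz_lists(running_config).get((level, "default"))
    if methods is None:
        # No list: the device never asks TACACS+ about individual commands,
        # so an authenticated user at this level can run all of them.
        return f"level {level}: NOT ENFORCED (no default command-authorization list)"
    if methods[0] in ("none", "if-authenticated"):
        # Assumption of this example: these methods mean no per-command check.
        return f"level {level}: NOT ENFORCED (first method is '{methods[0]}')"
    return f"level {level}: enforced via {' '.join(methods)}"

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(f"{name}: {audit_level(cfg)}")
```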