cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1078
Views
10
Helpful
4
Replies

AAA authentication

ParthaSarathi
Level 1
Level 1

 

 Hi All ,

I have a doubt regarding aaa authorization command . I  have logged in to the Device using my TACACS ID now I removed the aaa authorization command  specifically

no aaa authorization commands 15 default group tacacs+ local

Now Initially I thought  that I can't run any more  commands as it will  show  authorization failure , but while testing  I found that I can run all commands in config  mode from that telnet session or from any other telnet session . Please any one explain me the function of this command in details  and  reason  for this .

 

 

1 Accepted Solution

Accepted Solutions

Seb Rupik
VIP Alumni
VIP Alumni

Hi there,

By removing  aaa authorization commands 15 default group tacacs+ local  you are removing the requirement for the device to check the comands of users with Level15 permissions.

 

Therefore providing you have successfully authenticated with priv15 level access you will be able to run any command.

 

Cheers,

Seb.

View solution in original post

4 Replies 4

Deepak Kumar
VIP Alumni
VIP Alumni

Hi,

Q: found that I can run all commands in config  mode from that telnet session?

Ans: You can all permitted commands to your account after this because you are already logged in and switch or router will not check authentication again. After the session time or trying with another account will failed to login. 

 

Please explain about your second question, how are you trying and did you tried from same system and same username? And also share the running configuration so we check that what was the reason.

 

Regards,

Deepak Kumar

 

 

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

yes After removing this command I have tried from same session and other session too . but everything was working fine . I was using My TACACS  id  each time . I can easily login and can get into config mode and then executed  other commands but all worked well .

Hi,

I got your question. If you removing a command aaa authorization commands 15 default group tacacs+ local   than there will no impact to session. You are removing the requirement to check the commands of users with Level 15  permissions.

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Seb Rupik
VIP Alumni
VIP Alumni

Hi there,

By removing  aaa authorization commands 15 default group tacacs+ local  you are removing the requirement for the device to check the comands of users with Level15 permissions.

 

Therefore providing you have successfully authenticated with priv15 level access you will be able to run any command.

 

Cheers,

Seb.

Review Cisco Networking for a $25 gift card