Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
380
Views
10
Helpful
4
Replies
Highlighted
ParthaSarathi
Beginner
Beginner
‎09-19-2018 03:33 AM
‎09-19-2018 03:33 AM

AAA authentication

 

 Hi All ,

I have a doubt regarding aaa authorization command . I  have logged in to the Device using my TACACS ID now I removed the aaa authorization command  specifically

no aaa authorization commands 15 default group tacacs+ local

Now Initially I thought  that I can't run any more  commands as it will  show  authorization failure , but while testing  I found that I can run all commands in config  mode from that telnet session or from any other telnet session . Please any one explain me the function of this command in details  and  reason  for this .

 

 

Labels:
0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Seb Rupik
VIP Advisor VIP Advisor
VIP Advisor
‎09-19-2018 03:47 AM
‎09-19-2018 03:47 AM

Hi there,

By removing  aaa authorization commands 15 default group tacacs+ local  you are removing the requirement for the device to check the comands of users with Level15 permissions.

 

Therefore providing you have successfully authenticated with priv15 level access you will be able to run any command.

 

Cheers,

Seb.

View solution in original post

Reply
4 REPLIES 4
Highlighted
Deepak Kumar
VIP Advocate VIP Advocate
VIP Advocate
‎09-19-2018 03:39 AM
‎09-19-2018 03:39 AM

Hi,

Q: found that I can run all commands in config  mode from that telnet session?

Ans: You can all permitted commands to your account after this because you are already logged in and switch or router will not check authentication again. After the session time or trying with another account will failed to login. 

 

Please explain about your second question, how are you trying and did you tried from same system and same username? And also share the running configuration so we check that what was the reason.

 

Regards,

Deepak Kumar

 

 

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful
Reply
Highlighted
ParthaSarathi
Beginner
Beginner
In response to Deepak Kumar
‎09-19-2018 03:43 AM
‎09-19-2018 03:43 AM

yes After removing this command I have tried from same session and other session too . but everything was working fine . I was using My TACACS  id  each time . I can easily login and can get into config mode and then executed  other commands but all worked well .

0 Helpful
Reply
Highlighted
Deepak Kumar
VIP Advocate VIP Advocate
VIP Advocate
In response to ParthaSarathi
‎09-19-2018 03:51 AM
‎09-19-2018 03:51 AM

Hi,

I got your question. If you removing a command aaa authorization commands 15 default group tacacs+ local   than there will no impact to session. You are removing the requirement to check the commands of users with Level 15  permissions.

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
Reply
Highlighted
Seb Rupik
VIP Advisor VIP Advisor
VIP Advisor
‎09-19-2018 03:47 AM
‎09-19-2018 03:47 AM

Hi there,

By removing  aaa authorization commands 15 default group tacacs+ local  you are removing the requirement for the device to check the comands of users with Level15 permissions.

 

Therefore providing you have successfully authenticated with priv15 level access you will be able to run any command.

 

Cheers,

Seb.

View solution in original post

Reply
Latest Contents
Nexus 5596 Switche keep droping the traffics
Created by motiar on 02-26-2021 04:49 AM
1
0
1
0
Hello expert,I faced the following problem: I habe some catalyst Switche, connected redundantly to vPC Nexus 5596 Switche and the Nexus Switches are connected redundantly to Core-Switche, as you can see the Topology and relevant outputs of configurations.... view more
Community Live Video - New Additions to the Catalyst 8000 Fa...
Created by Cisco Moderador on 02-24-2021 08:49 AM
0
0
0
0
(view in My Videos) Community Live- New Additions to the Catalyst 8000 Family (Live event -  Tuesday, 23 February, 2021 at 10:00 am Pacific/ 1:00 pm Eastern / 7:00 pm Paris)- This event had place on Tuesday 23rd, February 2021 at 10:00 hrs PDT... view more
New Additions to the Catalyst 8000 Family- FAQ
Created by Cisco Moderador on 02-24-2021 07:23 AM
0
0
0
0
This event had place on Tuesday 23rd, February 2021 at 10hrs PDT  Introduction Designed for an intent-based network, the Cisco Catalyst 8000 Edge Platforms family offers best-in-class networking and security combined. The platforms, available in b... view more
New Additions to the Catalyst 8000 Family- AMA Event
Created by Cisco Moderador on 02-22-2021 05:26 AM
0
0
0
0
To participate in this event, please use the  button to ask your questions New Additions to the Catalyst 8000 Family This forum is a chance to clarify all your questions related to the Catalyst 8k Family! Designed for an intent-based network, the Ci... view more
Community Live Slides- New Additions to the Catalyst 8000 Fa...
Created by Cisco Moderador on 02-22-2021 05:16 AM
0
0
0
0
Community Live- New Additions to the Catalyst 8000 Family (Live event -  Tuesday, 23 February, 2021 at 10:00 am Pacific/ 1:00 pm Eastern / 7:00 pm Paris)- This event had  place on Tuesday 23rd, February 2021 at 10:00 hrs PDT  Designed... view more
Content for Community-Ad