Buy or Renew
Buy or Renew
Welcome to the new Cisco Community. LEARN MORE about the updates and what is coming.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
649
Views
10
Helpful
4
Replies

AAA authentication

Go to solution
ParthaSarathi
Beginner
Beginner

‎09-19-2018 03:33 AM - edited ‎03-05-2019 10:55 AM

 

 Hi All ,

I have a doubt regarding aaa authorization command . I  have logged in to the Device using my TACACS ID now I removed the aaa authorization command  specifically

no aaa authorization commands 15 default group tacacs+ local

Now Initially I thought  that I can't run any more  commands as it will  show  authorization failure , but while testing  I found that I can run all commands in config  mode from that telnet session or from any other telnet session . Please any one explain me the function of this command in details  and  reason  for this .

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Seb Rupik
VIP Advisor VIP Advisor
VIP Advisor

‎09-19-2018 03:47 AM

Hi there,

By removing  aaa authorization commands 15 default group tacacs+ local  you are removing the requirement for the device to check the comands of users with Level15 permissions.

 

Therefore providing you have successfully authenticated with priv15 level access you will be able to run any command.

 

Cheers,

Seb.

View solution in original post

4 Replies 4

Go to solution
Deepak Kumar
Advocate
Advocate

‎09-19-2018 03:39 AM

Hi,

Q: found that I can run all commands in config  mode from that telnet session?

Ans: You can all permitted commands to your account after this because you are already logged in and switch or router will not check authentication again. After the session time or trying with another account will failed to login. 

 

Please explain about your second question, how are you trying and did you tried from same system and same username? And also share the running configuration so we check that what was the reason.

 

Regards,

Deepak Kumar

 

 

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

Go to solution
ParthaSarathi
Beginner
Beginner
In response to Deepak Kumar

‎09-19-2018 03:43 AM

yes After removing this command I have tried from same session and other session too . but everything was working fine . I was using My TACACS  id  each time . I can easily login and can get into config mode and then executed  other commands but all worked well .

0 Helpful

Go to solution
Deepak Kumar
Advocate
Advocate
In response to ParthaSarathi

‎09-19-2018 03:51 AM - edited ‎09-19-2018 03:52 AM

Hi,

I got your question. If you removing a command aaa authorization commands 15 default group tacacs+ local   than there will no impact to session. You are removing the requirement to check the commands of users with Level 15  permissions.

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Go to solution
Seb Rupik
VIP Advisor VIP Advisor
VIP Advisor

‎09-19-2018 03:47 AM

Hi there,

By removing  aaa authorization commands 15 default group tacacs+ local  you are removing the requirement for the device to check the comands of users with Level15 permissions.

 

Therefore providing you have successfully authenticated with priv15 level access you will be able to run any command.

 

Cheers,

Seb.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents