04-13-2013 01:30 PM - edited 03-07-2019 12:48 PM
I am just configuring 3560 switch.. I logged in to the switch through console and did the basic configuration then i logged into the device thru telenet using local username and password, I enabled aaa and opened a new session and logged into the switch using tacacs username and password to do the remaining config.. but i am getting this errror message "Command authorization failed".. not able to do the configs now..
Did i do anything wrong here. please help me to understand and resolve it..
Thanks in advance..
--ARUN
04-13-2013 01:36 PM
ST-142#sh privilege
Current privilege level is 15
line vty 0 4
session-timeout 15
login authentication TacacsFirst
transport preferred none
line vty 5 15
session-timeout 15
login authentication TacacsFirst
transport preferred none line vty 0 4
session-timeout 15
login authentication TacacsFirst
transport preferred none
04-13-2013 02:23 PM
Hello Arun,
Can you share the following: as looks like you are running some kind of authorization as well,
show run | sec aaa
then
debug aaa authentication
debug aaa authorization
debug tacacs
Then try to log in
Regards
04-13-2013 05:12 PM
switch into the production.. i cant turn on debugs..
aaa new-model
aaa authentication login TacacsFirst group tacacs+ local
aaa authentication login uselocal local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization commands 15 default group tacacs+ none
aaa accounting update newinfo periodic 5 jitter maximum 0
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa session-id common
04-14-2013 12:40 AM
Hello Arun,
As I said before you are also running authorization on your AAA enviroment,
In this case you will need to go to the AAA server and make sure you are allowing this users to perform such tasks,
I am sorry man but without the debugs we are blind here,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide