
3560

Arun
Level 1

I am just configuring a 3560 switch. I logged in to the switch through the console and did the basic configuration, then I logged into the device through telnet using a local username and password. I enabled aaa, opened a new session and logged into the switch using a tacacs username and password to do the remaining config, but I am getting this error message: "Command authorization failed". I am not able to do the configs now.

Did I do anything wrong here? Please help me to understand and resolve it.

Thanks in advance..

--ARUN

4 Replies

Arun
Level 1

ST-142#sh privilege
Current privilege level is 15

line vty 0 4
 session-timeout 15
 login authentication TacacsFirst
 transport preferred none
line vty 5 15
 session-timeout 15
 login authentication TacacsFirst
 transport preferred none

Hello Arun,

Can you share the following? It looks like you are running some kind of authorization as well.

show run | sec aaa

then

debug aaa authentication

debug aaa authorization

debug tacacs

Then try to log in

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

switch into the production.. I can't turn on debugs..

aaa new-model
aaa authentication login TacacsFirst group tacacs+ local
aaa authentication login uselocal local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization commands 15 default group tacacs+ none
aaa accounting update newinfo periodic 5 jitter maximum 0
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa session-id common

Hello Arun,

As I said before, you are also running authorization on your AAA environment.

In this case you will need to go to the AAA server and make sure you are allowing these users to perform such tasks.

I am sorry man but without the debugs we are blind here,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
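
An added example, not part of any post in this thread: a small Python reader for the "aaa authorization commands" lines posted above, showing which method decides each command and when the fallback method is used. It relies on the IOS method-list rule that a later method is tried only when the earlier one gives no response, not when it denies; the function names are illustrative.

```python
import re

# AAA lines posted in this thread (the subset relevant to authorization).
AAA_CONFIG = """\
aaa new-model
aaa authentication login TacacsFirst group tacacs+ local
aaa authorization config-commands
aaa authorization commands 15 default group tacacs+ none
aaa accounting commands 15 default start-stop group tacacs+
"""

CMD_AUTHZ = re.compile(r"^aaa authorization commands (\d+) (\S+) (.+)$")


def split_methods(text):
    """'group tacacs+ none' -> ['group tacacs+', 'none']."""
    return re.findall(r"group \S+|\S+", text)


def command_authorization(config):
    """Map (privilege level, list name) -> ordered method list."""
    lists = {}
    for line in map(str.strip, config.splitlines()):
        m = CMD_AUTHZ.match(line)
        if m:
            lists[(int(m.group(1)), m.group(2))] = split_methods(m.group(3))
    return lists


def explain(config):
    """Describe who decides each command and when a later method is used."""
    lines = [l.strip() for l in config.splitlines()]
    cfg_mode = "aaa authorization config-commands" in lines
    notes = []
    for (level, name), methods in sorted(command_authorization(config).items()):
        first, rest = methods[0], methods[1:]
        if first.startswith("group "):
            note = (f"level {level} list '{name}': {first[6:]} server decides; "
                    "a deny from the server rejects the command")
            if rest:
                note += f"; '{rest[0]}' applies only if the server does not answer"
        else:
            note = f"level {level} list '{name}': decided locally by '{first}'"
        if cfg_mode:
            note += "; configuration-mode commands are checked too"
        notes.append(note)
    return notes


if __name__ == "__main__":
    print("\n".join(explain(AAA_CONFIG)))
```

For the posted configuration this reports that the trailing "none" does not bypass a deny from a reachable TACACS+ server, which matches the "Command authorization failed" symptom and the advice to check what the server permits for the user.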