% Authorization failed.

Answered Question
Aug 21st, 2007
User Badges:

Can you help me to Understand that when I am adding aaa template to a switch which I am connected with telnet give me the error % Authorization failed

and accounting part is not unable to be added. Also is unable to connect to this switch again. Even username admin is added , The template was:


username admin password admin

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization commands 0 default group tacacs+ local

aaa authorization commands 1 default group tacacs+ local

aaa authorization commands 15 default group tacacs+ local

aaa authorization exec default group tacacs+ local

aaa authorization config-commands

aaa accounting system default start-stop group tacacs+

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

tacacs-server host 172.16.101.247 key X


Correct Answer by rochopra about 9 years 7 months ago

change template to :


username admin password admin

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 0 default group tacacs+ if-authenticated

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa accounting system default start-stop group tacacs+

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

tacacs-server host 172.16.101.247 key X

aaa authorization config-commands


Then try to add, this is happening cause you are enabling authorization but are logged in with unprivileged account.


~Rohit

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
rochopra Tue, 08/21/2007 - 01:35
User Badges:
  • Cisco Employee,

change template to :


username admin password admin

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 0 default group tacacs+ if-authenticated

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa accounting system default start-stop group tacacs+

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

tacacs-server host 172.16.101.247 key X

aaa authorization config-commands


Then try to add, this is happening cause you are enabling authorization but are logged in with unprivileged account.


~Rohit

Actions

This Discussion