aaa authorization ACA4.1

Unanswered Question
Apr 18th, 2008

i configure aaa on my switch and cannog get telnet loggin. in the PAsst Athem ACS Server: Authentication is OK, but FailItem Unknown NAS

Thanks for any Help

-----------------------------------------aaa new-model

aaa authentication login default group radius local

aaa authentication login CONSOLE local

aaa authentication enable default group tacacs+ enable

aaa authentication dot1x default group radius

aaa authorization exec default group tacacs+

aaa authorization exec CON none

aaa authorization network default group radius

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default stop-only group tacacs+

aaa accounting network default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+


Switch output:

Username: aessome-d


% Authorization failed.

Connection closed by foreign host.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jagdeep Gambhir Fri, 04/18/2008 - 05:40

You want to use radius or tacacs ? Make sure you have priv 15 configured in acs,

Bring users/groups in at level 15

1. Go to user or group setup in ACS

2. Drop down to "TACACS+ Settings"

3. Place a check in "Shell (Exec)"

4. Place a check in "Privilege level" and enter "15" in the adjacent field



Do rate helpful posts


This Discussion