Hi all:
I'm trying to configure the featute "tacacs+ per vrf" in order to authenticating with an ACS that a 7600 router learn from a vrf, but it isn't working; checking the ACS, I see that the user do authenticate but I got a messagge "authorization failed" from the router, so I never can login in.
The commands I'm applying on the router are:
aaa group server tacacs+ tacacscisco
server-private 1.1.1.1 key CISCO
ip vrf forwarding CISCO123
ip tacacs source-interface LOOPBACK 0
!
aaa authentication login default group tacacscisco local
aaa authentication login con_acc group tacacscisco local none
aaa authorization exec default group tacacscisco local
aaa authorization exec con_acc group tacacscisco local if-authenticated
aaa authorization commands 1 default group tacacscisco if-authenticated
aaa authorization commands 15 default group tacacscisco if-authenticated
aaa accounting exec default start-stop group tacacscisco
aaa accounting commands 15 default start-stop group tacacscisco
aaa accounting system default start-stop group tacacscisco
<Loopback 0 is on vrf CISCO123>
I would appreciatte any help !! tks
The IOS version I'm using is 12.2(33)SRB3