aaa new-model
aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
Cisco 2851 is running IOS 12.4(24)T while Catalyst 3750 is running IOS 12.2(35)SE5
With the exact configuration of AAA above, when the Cisco 2851 is lost contact with
the TACACS server, I can perform configuration changes without any issues.
However, if the Catalyst 3750 loses contact with the tacacs server, while in enable
mode, I can NOT do "configure t" and that I get the response "command authorization failed"
Anyone know why? Thanks.