10-30-2009 12:48 AM - edited 03-10-2019 04:46 PM
Hello!
Could you help me resolve some problem.
Cisco 7206VXR (NPE400) processor (revision A), Version 12.2(31)SB11
Configuration from the router:
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login local-admin-access group tacacs+ local
aaa authentication login remote-admin-access group tacacs+ local
aaa authentication enable default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization exec local-admin-access group tacacs+ if-authenticated
aaa authorization exec remote-admin-access group tacacs+ if-authenticated
aaa accounting exec default stop-only group tacacs+
aaa accounting exec local-admin-access stop-only group tacacs+
aaa accounting exec remote-admin-access stop-only group tacacs+
aaa accounting commands 0 default stop-only group tacacs+
aaa accounting commands 0 local-admin-access stop-only group tacacs+
aaa accounting commands 0 remote-admin-access stop-only group tacacs+
aaa accounting commands 1 default stop-only group tacacs+
aaa accounting commands 1 local-admin-access stop-only group tacacs+
aaa accounting commands 1 remote-admin-access stop-only group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
aaa accounting commands 15 local-admin-access stop-only group tacacs+
aaa accounting commands 15 remote-admin-access stop-only group tacacs+
aaa accounting system default start-stop group tacacs+
When ACS server works, I haven't problem
After I block ACS and try Connect to router..
lab(config-if)#ip access-group 101 in
And I try use local authentication, but she doesn't work (privilege 15 doesn't work)
username test10 privilege 15 secret 5 $1$XJ5K$ANa/.PzJO4fcLpe31jfXk/
User Access Verification
Username: test10
Password:
lab>
Why "privilege 15" doesn't work ?
10-30-2009 02:13 AM
Hi Antonio,
Please change this command
aaa authorization exec default group tacacs+ if-authenticated
to
aaa authorization exec default group tacacs+ local
If issue is still there then get the debugs,
debug aaa authentication
debug aaa authortization
debug tacacs
All the best!
Regards,
~JG
Do rate helpful posts
10-30-2009 03:27 AM
This is help me!
thx
10-30-2009 06:21 AM
If that fixed it then please mark it resolved so other can benefit.
Regards,
~JG
10-30-2009 06:54 AM
well said.
JK
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide