Authorizaton of ASA 5550 with AAA

Unanswered Question
Jan 6th, 2010


Well I have a ASA which I tried adding in ACS with TACAS+ protocol. I was able to authenticate with my ACS user but was unable to run any command which says "Command Authorization Failed".

The ASA configuration is attached for reference.

I have one doubt also as whether it is possible to have authorizaton of ASA with RADIUS protocol.

Thanks in advance


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jatin Katyal Wed, 01/06/2010 - 05:48


On the TACACS+ server, configure the commands that a user or group can use after they authenticate for CLI access. Every command that a user enters at the CLI is checked with the TACACS+ server. Looks like you haven't configured any shell command set on the ACS.

Here is a Doc that helps you configuring command set on ACS:

Also, radius doesn't support command authorization.

Let me know if you have any query/concern.



Plz rate helpful posts-

Panos Kampanakis Thu, 01/07/2010 - 06:53

Also, if you just want to authenticate you user with RADIUS when doing telent and you don't want to authorize on a per command basis you can remove the "aaa authorization command CACS LOCAL" command.

I hope it helps.



This Discussion