
NEXUS TACACS AAA SOS PLS

KAROLY KOHEGYI
Level 2

Hi,

I missed the aaa and tacacs command order.

Now I can access the Nexus, but I am not able to configure it.

C2-BAL-NEXUS# sho run | i tacacs

feature tacacs+

aaa group server tacacs+ ACS

tacacs-server directed-request

C2-BAL-NEXUS# sho run | i aaa

aaa group server tacacs+ ACS

snmp-server enable traps aaa server-state-change

aaa authentication login default group ACS

aaa authentication login console group ACS

aaa authorization config-commands default group ACS

aaa authentication login error-enable

The error message:

Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=17(0x11)

The reboot is very hard.

Any ideas?

Thanks in advance!!

12 Replies

KAROLY KOHEGYI
Level 2

NEXUS 7010 SUP1 5.2.7

I have solved the problem!

Was it because you had no "tacacs-server key" entry?

Hi,

Yes!

The tacacs-server key and AAA server group were missing.

I found a little security hole (or feature) which permits the config in this case.

Regards,

Can you guide us on how you solved it?

sumani1984
Level 1

I have the same issue.

Please guide me on what changes you made.

by

subramani

subramanian.ntwengr@gmail.com

Thanks

sumani1984
Level 1

Same issue for me.

Can you guide me?

AAA failed

but local username

sh run

Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=17(0x11)

Hi,

The most important thing is that copy xxx.txt startup/running is working in this case as well.

This command merges the startup config and the commands in xxx.txt without authorization.

I think the command uses the shell privilege level w/o AAA.

You may lose nothing if you try it.

br

Can you please guide me in ACS 5.4 for the above-said changes?

We configured this on the Nexus 7010 and it failed.

nexus 7010:

tacacs-server key 7 "admin123"

tacacs-server host *.*.*.*

tacacs-server host *.*.*.*

aaa group server tacacs+ tacacs+

    server *.*.*.* 

    server *.*.*.* 

    deadtime 10

    source-interface Vlan**

aaa authentication login default group tacacs+

aaa authentication login console group tacacs+

aaa authorization config-commands default group tacacs+

aaa authorization commands default group tacacs+

aaa authorization config-commands console group tacacs+

aaa authorization commands console group tacacs+

aaa accounting default group tacacs+

Hi,

It seems to be good. Please check the AAA key.

Key mismatch.

We have configured the TACACS key on the Nexus with quotes "****",

but ACS 5.4 is not able to add it with quotes as "****".
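
A small configuration check for the failure discussed in this thread (AAA method lists that name a TACACS+ group with no member servers or no shared key), added here as an illustration; it is not part of any poster's reply and not Cisco tooling. The function name `audit_aaa` and both sample configs are constructed, and the fallback check assumes NX-OS accepts `local` after the group list on authorization method lists.

```python
import re

# Constructed sample modelled on the first post: group ACS has no servers, no key is set.
BROKEN = """\
feature tacacs+
aaa group server tacacs+ ACS
aaa authentication login default group ACS
aaa authorization config-commands default group ACS
"""
# Constructed corrected form (192.0.2.10 is a documentation address).
FIXED = """\
feature tacacs+
tacacs-server key 7 "placeholder"
tacacs-server host 192.0.2.10
aaa group server tacacs+ ACS
    server 192.0.2.10
aaa authentication login default group ACS
aaa authorization config-commands default group ACS local
"""

def audit_aaa(config):
    """Return findings for TACACS+ method lists that cannot succeed."""
    groups, host_key, global_key, current = {}, {}, False, None
    used, findings = set(), []
    for line in filter(str.strip, config.splitlines()):
        text = line.strip()
        if not line[0].isspace():
            current = None  # a top-level line closes any open group block
        if m := re.match(r"aaa group server tacacs\+ (\S+)", text):
            current = groups.setdefault(m.group(1), [])
        elif current is not None:
            if m := re.match(r"server (\S+)", text):
                current.append(m.group(1))  # member of the open group
        elif text.startswith("tacacs-server key "):
            global_key = True
        elif m := re.match(r"tacacs-server host (\S+)(.*)", text):
            host_key[m.group(1)] = host_key.get(m.group(1), False) or " key " in m.group(2)
        elif m := re.match(r"aaa (\w+) (.+?) group (\S+)(.*)", text):
            used.add(m.group(3))  # group named by a method list
            if m.group(1) == "authorization" and "local" not in m.group(4).split():
                findings.append(f"no local fallback: {text}")
    for name in sorted(used):
        if not groups.get(name):
            findings.append(f"group {name} is undefined or has no servers")
        for srv in groups.get(name, []):
            if srv not in host_key:
                findings.append(f"{srv} has no tacacs-server host entry")
            elif not (global_key or host_key[srv]):
                findings.append(f"{srv} has no shared key")
    return findings
```

Run it against a saved copy of the full running configuration before committing AAA changes; output filtered with `| i` drops the indented `server` lines and will produce false findings.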
