Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

6509 VSS authorization failure

Hi,

We have a 6509 VSS, it was previously running aaa, but it was removed, i'm trying to apply the aaa new model again but command authorisation is failing and i dont understand why.

When aaa new model is entered all the previous config comes back which is

aaa new-model

aaa authentication login default group tacacs+ line ( i alter line to local after the config appears by magic)

aaa authentication enable default group tacacs+ enable

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

No tacacs server is defined, i can telnet to the switch authenticate useing the local username and password and enter enable mode, but every commmand i try gives "command autorization failure". I have the same config about on numerous other switches that work ok.

Why doesnt aaa authorization commands 15 default group tacacs+ if-authenticated give me authorisation as i have authenticated locally and this works on 15 other switches

Do i need to enter other aaa commands?

I'm confused.

Thanks

1 REPLY
New Member
683
Views
0
Helpful
1
Replies
CreatePlease to create content