05-24-2010 10:27 AM - edited 03-10-2019 05:09 PM
Hi,
I have a question about AAA commands. In aaa, I have defined the following:
aaa new-model
!
aaa authentication login default group tacacs+ local enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group tacacs+ local if-authenticated
aaa authorization commands 0 default group tacacs+ local if-authenticated
aaa authorization commands 1 default group tacacs+ local if-authenticated
aaa authorization commands 15 default group tacacs+ local if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
aaa session-id common
line con 0
 authorization exec con_acc
 login authentication con_acc
Based on that configuration, I guess that the router uses the default method. There is no method called con_acc for either authentication or authorization, so I understand that when the router fails to get the method specified, it has to look for the default.
Could someone clarify?
Thanks,
05-24-2010 12:01 PM
Doug,
I don't see any method list created in the mentioned configuration, so there is no use for these two commands:
authorization exec con_acc
login authentication con_acc
Also, how did you call this method list when you haven't defined it globally? Did you just pick the config from somewhere and post it here, or is this part of your running configuration?
I would suggest that you delete the above-mentioned commands or create the method list. Also, when users fail the authentication with the TACACS server, they can access the device using a local username and password, if created.
Sh run | in user <------------------You can check
Let me know if you need any further help.
HTH
JK
Do rate helpful posts-
05-24-2010 12:12 PM
Hi Doug,
Yes, it will use the default in case the method specified is not available in the config.
Regards,
~JG
Do rate helpful posts
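
An added example, not part of the original thread: a small Python audit that lists every AAA method-list name referenced under a line block with no matching global aaa definition, which is the con_acc situation in the question. The sample config is constructed from the question's lines with IOS-style indentation restored, and the function and variable names are assumptions of this example.

```python
import re

# Constructed sample: lines from the question, indented the way IOS prints them.
SAMPLE_CONFIG = """\
aaa new-model
!
aaa authentication login default group tacacs+ local enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group tacacs+ local if-authenticated
aaa authorization commands 15 default group tacacs+ local if-authenticated
aaa accounting exec default start-stop group tacacs+
!
line con 0
 authorization exec con_acc
 login authentication con_acc
"""

# Global definitions, e.g. "aaa authorization exec <list> ..."
GLOBAL_RE = re.compile(
    r"^aaa (authentication login|(?:authorization|accounting) (?:exec|commands \d+)) (\S+)")
# References under a line block, e.g. " login authentication <list>"
LINE_RE = re.compile(
    r"^\s+(login authentication|(?:authorization|accounting) (?:exec|commands \d+)) (\S+)")

def undefined_method_lists(config):
    """Return (line block, service, list name) for each reference with no global definition."""
    defined, refs, context = set(), [], None
    for raw in config.splitlines():
        m = GLOBAL_RE.match(raw)
        if m:
            defined.add((m.group(1), m.group(2)))
        elif raw.startswith("line "):
            context = raw.strip()          # entering "line con 0", "line vty 0 4", ...
        elif not raw.startswith(" "):
            context = None                 # any other top-level line ends the block
        elif context:
            m = LINE_RE.match(raw)
            if m:
                # "login authentication" on a line maps to "aaa authentication login"
                svc = m.group(1).replace("login authentication", "authentication login")
                refs.append((context, svc, m.group(2)))
    return [r for r in refs if (r[1], r[2]) not in defined]

if __name__ == "__main__":
    for block, service, name in undefined_method_lists(SAMPLE_CONFIG):
        print(f"{block}: '{name}' is referenced for {service} but never defined")
```

The script only reports the mismatch; how a given IOS release treats an undefined list should be confirmed on the device itself.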