Cisco Support Community

New Member

[ACS 5.2] switch Command authorization failed

Hi all,

I have a problem: the switch says "authorization failed" on every command that I type.

Switch#sho run
Command authorization failed.

Switch#conf t
Command authorization failed.

I only use a basic configuration (attached below).

Switch config :

aaa new-model
!
aaa authentication login default group tacacs+ none
aaa authentication enable default group tacacs+ none
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated none
aaa authorization commands 15 default group tacacs+ if-authenticated none
!
aaa session-id common

!

ip tacacs source-interface Vlan888
tacacs-server host 10.255.253.25
tacacs-server key cisco

!

ACS config :

# Network resources - network devices and AAA clients

     * name switch , ip 10.255.253.65 , authen option : tacacs+ , shared secret cisco

# User and identity store - internal identity store - users

     * name tester , pass : passw0rd , enable pass : enable

# Policy elements - authorization and permissions - device administration - shell profile

     * name : testProfile , command task - maximum privilege 15 , (default privilege not in use / default)

# Policy elements - authorization and permissions - device administration - command sets

     * name : PermitAll , mark "Permit any command that is not in the table below"

# Access policies - access service - default device admin - authorization
     * rule-8 , identity group in all groups , shell profile : testProfile

Has anyone seen this type of issue and can perhaps offer some advice on what I am missing?

Many thanks in advance.

6 REPLIES
Cisco Employee

Re: [ACS 5.2] switch Command authorization failed

Hi.

What do you have under line vty 0 4?

Regards

New Member

[ACS 5.2] switch Command authorization failed

Mine says

line vty 0 4

access-class ACL....

exec-timeout 9 0

password 7 ....

transport input ssh

New Member

[ACS 5.2] switch Command authorization failed

Did you find an answer for this? I have the same problem.

Cisco Employee

[ACS 5.2] switch Command authorization failed

The whole question is:

If the switch says command authorization failed, what does ACS say in the authorization logs???

New Member

Re: [ACS 5.2] switch Command authorization failed

It works now. The authorization logs do not say anything.

New Member

Re: [ACS 5.2] switch Command authorization failed

I had the same problem and marked the default priv lvl 15 and the max 15 (this was only for the admin account). The guest account I set up uses default 1, max (none), and it works perfectly.

You can #sho priv inside your Cisco device and it should say 15; if it doesn't, then you know it's a problem with your shell profile priv lvl.
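
An added example, not part of the thread or any poster's code: a small Python audit of the AAA method lists in the switch config from the first post. It lists each list's methods in order and flags the "none" and "if-authenticated" fallbacks, which IOS uses only when the preceding method returns an error (for example, the TACACS+ server does not respond), not when the server rejects the request. The function names and flag wording are assumptions of this example.

```python
import re

# Constructed sample: AAA lines copied from the switch config in the first post.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ none
aaa authentication enable default group tacacs+ none
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated none
aaa authorization commands 15 default group tacacs+ if-authenticated none
"""

# aaa <kind> <service> <list-name> <method> [<method> ...]
METHOD_LIST = re.compile(
    r"^aaa (authentication|authorization) (login|enable|exec|commands \d+) (\S+) (.+)$")

def parse_methods(tail):
    """Split a method list into ordered methods; 'group X' is one method."""
    tokens, methods, i = tail.split(), [], 0
    while i < len(tokens):
        step = 2 if tokens[i] == "group" and i + 1 < len(tokens) else 1
        methods.append(" ".join(tokens[i:i + step]))
        i += step
    return methods

def audit(config):
    """Return (kind, service, methods, flags) for every AAA method list."""
    results = []
    for line in config.splitlines():
        m = METHOD_LIST.match(line.strip())
        if not m:
            continue  # e.g. 'aaa new-model', 'aaa authorization config-commands'
        kind, service, _list_name, tail = m.groups()
        methods = parse_methods(tail)
        flags = []
        # Fallbacks after the first method apply when that method errors out.
        if "none" in methods[1:]:
            flags.append("falls back to no " + kind)
        if "if-authenticated" in methods[1:]:
            flags.append("falls back to any authenticated user")
        results.append((kind, service, methods, flags))
    return results

if __name__ == "__main__":
    for kind, service, methods, flags in audit(SAMPLE_CONFIG):
        print(f"{kind} {service}: {' -> '.join(methods)}  {flags or 'ok'}")
```
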
