Cisco Support Community
New Member

ACS 5.3 and NX-OS, command set authorization failure


I am currently working on building a new command set for a Nexus 3000 series switch.  We already have a policy in place that allows a select group of people to administrate our Nexus 5000 switches.  Since this policy worked, I simply duplicated it and re-applied it to another device group.  Unfortunately this did not work as expected, and we are receiving the following error:

>int Ethernet1/1

Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=16(0x10)

This is an error based on the command set not having the correct permit statements from what I can gather.  My Google-Fu is failing me today, however, and all the topics I find on this subject seem to have no solutions that work.  So here I am, completely green, hoping someone can point me in the right direction or link a document that may help.

The previous policy used permit statements and arguments such as:

Permit int* eth*[0-9]{3}

Which allowed our administrators to enter interface configuration mode, apply changes, and so on.  I have also tried to add a second statement such as:

Permit int* eth*[0-9]{2}

Thinking that perhaps since our 5000 series switches use interface IDs like 100/1/1 and the 3000s do not, maybe the {2} was how many options could be allowed.  Anyway, I'm stumped at this point.  If anyone has some documentation I could review on command set creation w/ NX-OS, it would be much appreciated.

Thank you!
