Cisco Support Community
New Member

After losing connection to ACS server, local user doesn't work

Hello!

Could you help me resolve a problem?

Cisco 7206VXR (NPE400) processor (revision A), Version 12.2(31)SB11

Configuration from the router:

aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login local-admin-access group tacacs+ local
aaa authentication login remote-admin-access group tacacs+ local
aaa authentication enable default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization exec local-admin-access group tacacs+ if-authenticated
aaa authorization exec remote-admin-access group tacacs+ if-authenticated
aaa accounting exec default stop-only group tacacs+
aaa accounting exec local-admin-access stop-only group tacacs+
aaa accounting exec remote-admin-access stop-only group tacacs+
aaa accounting commands 0 default stop-only group tacacs+
aaa accounting commands 0 local-admin-access stop-only group tacacs+
aaa accounting commands 0 remote-admin-access stop-only group tacacs+
aaa accounting commands 1 default stop-only group tacacs+
aaa accounting commands 1 local-admin-access stop-only group tacacs+
aaa accounting commands 1 remote-admin-access stop-only group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
aaa accounting commands 15 local-admin-access stop-only group tacacs+
aaa accounting commands 15 remote-admin-access stop-only group tacacs+
aaa accounting system default start-stop group tacacs+

When the ACS server works, I have no problem.

After I block ACS and try to connect to the router...

lab(config-if)#ip access-group 101 in

And I try to use local authentication, but it doesn't work (privilege 15 doesn't work)

username test10 privilege 15 secret 5 $1$XJ5K$ANa/.PzJO4fcLpe31jfXk/

User Access Verification

Username: test10

Password:

lab>

Why doesn't "privilege 15" work?

4 REPLIES

Re: After losing connection to ACS server, local user doesn't work

Hi Antonio,

Please change this command

aaa authorization exec default group tacacs+ if-authenticated

to

aaa authorization exec default group tacacs+ local

If the issue is still there, then get the debugs:

debug aaa authentication

debug aaa authorization

debug tacacs

All the best!

Regards,

~JG

Do rate helpful posts
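
Added example (not part of the original thread and not any poster's code): a small Python check over configuration lines in the style posted above. It flags exec authorization method lists that lack `local` while the login method list of the same name falls back to `local`, which is the mismatch the reply above corrects. The function names and the sample text are assumptions made for this illustration.

```python
import re

# Matches "aaa authentication login <list> <methods>" and
# "aaa authorization exec <list> <methods>" lines of an IOS configuration.
AAA_LINE = re.compile(
    r"^\s*aaa\s+(authentication\s+login|authorization\s+exec)\s+(\S+)\s+(.+?)\s*$"
)

def parse_method_lists(config_text):
    """Return {'login': {list_name: [methods]}, 'exec': {list_name: [methods]}}."""
    lists = {"login": {}, "exec": {}}
    for line in config_text.splitlines():
        m = AAA_LINE.match(line)
        if not m:
            continue  # accounting, enable and unrelated lines are ignored
        kind = "login" if m.group(1).startswith("authentication") else "exec"
        # "group tacacs+" is a single method, so keep the pair together.
        lists[kind][m.group(2)] = re.findall(r"group\s+\S+|\S+", m.group(3))
    return lists

def find_fallback_mismatches(config_text):
    """Names of lists whose login falls back to local but whose exec authorization does not."""
    lists = parse_method_lists(config_text)
    findings = []
    for name, login_methods in lists["login"].items():
        exec_methods = lists["exec"].get(name)
        if exec_methods is None:
            continue  # no exec authorization list with this name
        if "local" in login_methods and "local" not in exec_methods:
            findings.append(name)
    return sorted(findings)

# Constructed sample: lines taken from the thread, with the "default" exec
# list already changed the way the reply suggests.
SAMPLE = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login local-admin-access group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization exec local-admin-access group tacacs+ if-authenticated
"""

if __name__ == "__main__":
    for name in find_fallback_mismatches(SAMPLE):
        print(f"exec authorization list '{name}' has no local fallback")
```

Run against the configuration in the question, the check reports all three lists (`default`, `local-admin-access`, `remote-admin-access`).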

New Member

Re: After losing connection to ACS server, local user doesn't work

This helped me!

thx

Re: After losing connection to ACS server, local user doesn't work

If that fixed it then please mark it resolved so others can benefit.

Regards,

~JG

Cisco Employee

Re: After losing connection to ACS server, local user doesn't work

Well said.

JK

~BR Jatin Katyal **Do rate helpful posts**