Solved: Re: % Authorization failed.

adriatikb · ‎08-21-2007

Can you help me to Understand that when I am adding aaa template to a switch which I am connected with telnet give me the error % Authorization failed

and accounting part is not unable to be added. Also is unable to connect to this switch again. Even username admin is added , The template was:

username admin password admin

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization commands 0 default group tacacs+ local

aaa authorization commands 1 default group tacacs+ local

aaa authorization commands 15 default group tacacs+ local

aaa authorization exec default group tacacs+ local

aaa authorization config-commands

aaa accounting system default start-stop group tacacs+

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

tacacs-server host 172.16.101.247 key X

rochopra · ‎08-21-2007

change template to :

username admin password admin

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 0 default group tacacs+ if-authenticated

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa accounting system default start-stop group tacacs+

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

tacacs-server host 172.16.101.247 key X

aaa authorization config-commands

Then try to add, this is happening cause you are enabling authorization but are logged in with unprivileged account.

~Rohit

View solution in original post

rochopra · ‎08-21-2007

change template to :

username admin password admin

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 0 default group tacacs+ if-authenticated

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa accounting system default start-stop group tacacs+

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

tacacs-server host 172.16.101.247 key X

aaa authorization config-commands

Then try to add, this is happening cause you are enabling authorization but are logged in with unprivileged account.

~Rohit