Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

% Authorization failed.

Can you help me to Understand that when I am adding aaa template to a switch which I am connected with telnet give me the error % Authorization failed

and accounting part is not unable to be added. Also is unable to connect to this switch again. Even username admin is added , The template was:

username admin password admin

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization commands 0 default group tacacs+ local

aaa authorization commands 1 default group tacacs+ local

aaa authorization commands 15 default group tacacs+ local

aaa authorization exec default group tacacs+ local

aaa authorization config-commands

aaa accounting system default start-stop group tacacs+

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

tacacs-server host 172.16.101.247 key X

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: % Authorization failed.

change template to :

username admin password admin

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 0 default group tacacs+ if-authenticated

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa accounting system default start-stop group tacacs+

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

tacacs-server host 172.16.101.247 key X

aaa authorization config-commands

Then try to add, this is happening cause you are enabling authorization but are logged in with unprivileged account.

~Rohit

1 REPLY
Cisco Employee

Re: % Authorization failed.

change template to :

username admin password admin

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 0 default group tacacs+ if-authenticated

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa accounting system default start-stop group tacacs+

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

tacacs-server host 172.16.101.247 key X

aaa authorization config-commands

Then try to add, this is happening cause you are enabling authorization but are logged in with unprivileged account.

~Rohit

304
Views
0
Helpful
1
Replies
CreatePlease to create content