Cisco Support Community

New Member

Backup AAA for PIX

I have a PIX with the following configuration:

aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (inside) host 192.168.1.1 77777 timeout 5
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 192.168.1.1 77777 timeout 10
aaa-server LOCAL protocol local
aaa authentication serial console TACACS+
aaa authentication enable console TACACS+
aaa authorization command TACACS+
aaa accounting match aaa_acl inside RADIUS

Everything works fine when the TACACS server is available. When it is not available, I can log in with the username "PIX" and "password" just fine. The problem is, once I've logged in, I cannot get proper authorization to perform any commands. Does anyone know of a command similar to the "if-authenticated" for routers that I can use?

Accepted Solutions
Cisco Employee

Re: Backup AAA for PIX

There is no backup authorization method for the PIX. As you're aware, if the TACACS server is down you can log in with "pix" and the enable password, but that doesn't help for authorization. The only thing you can do is wait for the TACACS server to come back up. Sorry.

New Member

Re: Backup AAA for PIX

That's what I was afraid of. Thanks for the help.

New Member

Re: Backup AAA for PIX

Hello guys,

I can't get this command through my PIX 535: Authorization and Accounting

------------------------------------------------------
TKFW101(config)# aaa authorization command acs1
service must be: "telnet", "ftp", "http", "tcp/0", "none", or "tcp/###"
Type help or '?' for a list of available commands.
TKFW101(config)#
----------------------

How did you get it on your PIX? I am running PIX OS 6.1(4).

Thanks for any help.

AE

Silver

Re: Backup AAA for PIX

Hi,

On version 6.1.4, you don't have the command authorization option. That's why you are unable to enter it. It was first introduced in 6.2 code. Thanks,

Mynul
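
An added example, not part of the original thread and not Cisco tooling: a Python check that reads a PIX configuration in the form posted above and flags the two conditions the replies describe, command authorization tied to a remote AAA group with no fallback, and a PIX OS version older than 6.2. The function names, the finding labels and the extra shared-host check are assumptions of this example.

```python
import re

# Constructed sample: the configuration lines posted in the question above.
SAMPLE_CONFIG = """\
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (inside) host 192.168.1.1 77777 timeout 5
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 192.168.1.1 77777 timeout 10
aaa-server LOCAL protocol local
aaa authentication serial console TACACS+
aaa authentication enable console TACACS+
aaa authorization command TACACS+
aaa accounting match aaa_acl inside RADIUS
"""

def parse_groups(config):
    """Return {group: {"protocol": str, "hosts": [ip, ...]}} from aaa-server lines."""
    groups = {}
    for line in map(str.strip, config.splitlines()):
        proto = re.match(r"aaa-server\s+(\S+)\s+protocol\s+(\S+)", line)
        host = re.match(r"aaa-server\s+(\S+)\s+\(\S+\)\s+host\s+(\S+)", line)
        if proto or host:
            entry = groups.setdefault((proto or host).group(1), {"protocol": None, "hosts": []})
            if proto:
                entry["protocol"] = proto.group(2).lower()
            else:
                entry["hosts"].append(host.group(2))
    return groups

def audit(config, version):
    """Audit a config; version is a (major, minor) tuple, e.g. (6, 1) for 6.1(4)."""
    groups, findings = parse_groups(config), []
    for name in re.findall(r"^\s*aaa authorization command\s+(\S+)", config, re.M):
        if version < (6, 2):  # per the thread: the option first appeared in 6.2
            findings.append("UNSUPPORTED: command authorization needs 6.2 or later")
        group = groups.get(name, {"protocol": None, "hosts": []})
        if group["protocol"] != "local":  # assumption: a local group needs no remote server
            findings.append(f"NO-FALLBACK: commands depend on {len(group['hosts'])} host(s) in {name}")
    # Extra check (assumption of this example): one address serving several groups.
    owners = {}
    for name, group in groups.items():
        for host in group["hosts"]:
            owners.setdefault(host, []).append(name)
    findings += [f"SHARED: {h} serves {', '.join(n)}" for h, n in owners.items() if len(n) > 1]
    return findings
```
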
