console authorization on Nexus 7000 switch not working
I'm trying to enable command authorization for ssh as well as console access to a Nexus 7010 box (version 5.0). Following is the config:
aaa group server tacacs+ ACS5-1
snmp-server enable traps aaa server-state-change
aaa authentication login default group ACS5-1 local
aaa authorization config-commands default group ACS5-1 local
aaa authorization commands default group ACS5-1 local
NX# sh aaa authentication
default: group ACS5-1
console: group ACS5-1
NX# show aaa authorization
AAA command authorization:
default authorization for config-commands: group ACS5-1 local
default authorization for commands: group ACS5-1 local
As you can see, the default group configuration ACS5-1 for authenticatoin has applied to both defaults and console. But the command authorization does not appear to be applied to the console. As a result, when i login from the console and get authenticated, the command authorization does not trigger and i can run commands I'm not supposed to. In the configuration, I do not see "aaa authorization console" option unlike we have in IOS.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...