Cisco Support Community
Community Member

Nexus 7010 Tacacs+ can't do any commands once configured???

Hello I have Nexus 7010 and I have just finished configuring TACACS+ on it after a week and now it wont accept any commands from the remote logins. If I set the aaa authorization to "aaa authorization login default group XXXX" It gives me and error saying "ERROR: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=16(0X10). If I take off the aaa authorization when I try to run a command it shows "% Permission denied".  I am currently using Cicso ACS 5.2 in conjunction with the nexus. The following is my configuration:

tacacs-server key xxxx

tacacs-server host xxxx

aaa group server tacacs+ xxxxx

server x.x.x.x

source interface vlan1


aaa authentication login default group xxxxx

aaa authentication login console local

aaa authorization commands default group xxxx

aaa authorization config-commands default group xxxx

                                                         "config-commands"                                                           "config-commands"    

Please note I have tried "aaa authorization commands default group xxxx local" and "aaa authorization commands default local" to try and resovle the issue but I get the same problem.

If anyone out there knows what piece of the puzzle I'm missing here please let me know. I heard that a command set may need to be done to ACS to resolve this issue but I do not know where to start on that. Any help here would be appriciated.

Thank you


CreatePlease to create content