Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Tacacs+ authentication and authorization fail with NXOS and ACS 5.3

Hello,

I am trying to configure TACACS+ authentication and authorization for NX-OS (Nexus 7010) with Cisco ACS 5.3.

Configuration on Nexus's are the following :

feature tacacs+

!

tacacs-server host 10.16.6.3 key 0 UE9Pp40o

tacacs-server host 10.16.6.4 key 0 UE9Pp40o

!

ip tacacs source-interface vlan 99

!

aaa group server tacacs+ TACACS_SERVER

server 10.16.6.3

server 10.16.6.4

!

aaa authentication login default group TACACS_SERVER

aaa authorization commands default group TACACS_SERVER

aaa authorization config-commands default group TACACS_SERVER

aaa authentication login console group TACACS_SERVER

aaa accounting default group TACACS_SERVER

aaa authentication login error-enable

I configured ACS for authorization on this way :

NX-OS AV PAIR.jpg

This configuration doesn't work, I have the following message :

Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=17(0x11)

Do you have an idea ?

Thank you in advance,

Thibault

5 REPLIES
New Member

Tacacs+ authentication and authorization fail with NXOS and ACS

Hi Thibault,

Use the following attribute for nexus

Tim

New Member

Tacacs+ authentication and authorization fail with NXOS and ACS

Hi Zartar,

With your configuration I have exactly the same error output :

Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=17(0x11)

Thank you in advance,

Thibault

New Member

Tacacs+ authentication and authorization fail with NXOS and ACS

Hi everybody,

I create an SR, Cisco openened a Webex session and at the moment they don't succeed to operate NX-OS role with ACS.

However, they added a "command set" with permit all shell commands and now authorization work.

I will keep you informed.

Thank you,

Thibault

New Member

Tacacs+ authentication and authorization fail with NXOS and ACS

Any luck with the command set that cisco gave you. I'am having the same problem you are with my nexus 7010 and it is driving me nuts what needs to be set on the ACS for this to work.

New Member

Tacacs+ authentication and authorization fail with NXOS and ACS

it worked for me.  I am using ACS v5.3 and nexus running code v5.1.3

8698
Views
0
Helpful
5
Replies
CreatePlease to create content