Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Tacacs on Nexus 5000

CAn you please help with the following

I have the following config on Nexus 5596

ip tacacs source-interface mgmt0

tacacs-server host 10.21.1.180 key 7 "xxxxxxi"

aaa group server tacacs+ Harrods-Switches

    server 10.21.1.180

tacacs-server directed-request

aaa group server tacacs+ Harrods-Switches

aaa authentication login default group Harrods-Switches

aaa authorization config-commands default group Harrods-Switches

After applying the config above when I try adding or removing any command from the Switch I get the following message

I can only run show command on my switch

Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=17(0x11)

Is there any way I can revert the change made

Any help is much appreciated

3 REPLIES
New Member

Tacacs on Nexus 5000

You should still be able to login via console with the local username / password.... as long as you didn't remove the

aaa authentication login console local

The Nexi have some pretty handy aaa testing commands once you get consoled back in...

switch# test aaa server tacacs+ 10.10.1.1 user1 Ur2Gd2BH

switch# test aaa group TacGroup user2 As3He3CI

switch# test aaa auth command-type config-commands user XXXX command config

New Member

Tacacs on Nexus 5000

Hi Mark,

Many Thanks for your reply

I can logon using SSH and console but can not run any command in Global configration mode

I think the command below is causing this and I can not remove this command

aaa authorization config-commands default group Harrods-Switches

When I look at the logs on ACS the authentication is failing

New Member

Tacacs on Nexus 5000

All,

Rebooted the ACS server which has fixed the problem I had.

Many Thanks for your help

1427
Views
0
Helpful
3
Replies
CreatePlease to create content