
Tacacs+ per vrf

Hi all:

I'm trying to configure the feature "tacacs+ per vrf" in order to authenticate with an ACS that a 7600 router learns from a vrf, but it isn't working; checking the ACS, I see that the user does authenticate, but I get an "authorization failed" message from the router, so I can never log in.

The commands I'm applying on the router are:

aaa group server tacacs+ tacacscisco
 server-private 1.1.1.1 key CISCO
 ip vrf forwarding CISCO123
 ip tacacs source-interface LOOPBACK 0
!
aaa authentication login default group tacacscisco local
aaa authentication login con_acc group tacacscisco local none
aaa authorization exec default group tacacscisco local
aaa authorization exec con_acc group tacacscisco local if-authenticated
aaa authorization commands 1 default group tacacscisco if-authenticated
aaa authorization commands 15 default group tacacscisco if-authenticated
aaa accounting exec default start-stop group tacacscisco
aaa accounting commands 15 default start-stop group tacacscisco
aaa accounting system default start-stop group tacacscisco

<Loopback 0 is on vrf CISCO123>

I would appreciate any help!! Thanks.

The IOS version I'm using is 12.2(33)SRB3


Re: Tacacs+ per vrf

This is the expected behaviour: since the user is not defined locally, we are getting "Authorization failed" when going into privilege mode. Please define the user locally and try to log in.
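
An added example, not part of the original thread and not Cisco tooling: a small Python audit of the AAA configuration posted above. It checks that the TACACS+ server group's source interface sits in the same VRF as the group, and reports method lists that fall back to `local` when the config has no local username or that end in `none`. The `Loopback0` stanza is assumed from the poster's note that Loopback 0 is in vrf CISCO123, and `audit`, `parse` and `sub` are hypothetical helper names.

```python
import re
# Constructed sample: AAA lines from the post plus an assumed Loopback0 stanza.
SAMPLE = """\
interface Loopback0
 ip vrf forwarding CISCO123
aaa group server tacacs+ tacacscisco
 server-private 1.1.1.1 key CISCO
 ip vrf forwarding CISCO123
 ip tacacs source-interface Loopback0
!
aaa authentication login default group tacacscisco local
aaa authentication login con_acc group tacacscisco local none
aaa authorization exec default group tacacscisco local
aaa authorization commands 15 default group tacacscisco if-authenticated
"""
METHODS = {"group", "local", "none", "if-authenticated", "enable", "line"}

def parse(cfg):
    """Map each top-level config line to itself plus its indented sub-commands."""
    blocks, cur = {}, ""
    for line in cfg.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line[0].isspace():
            cur = line.strip()
        blocks.setdefault(cur, []).append(line.strip())
    return blocks

def sub(lines, prefix):  # argument of the first sub-command starting with prefix
    return next((l[len(prefix):].strip() for l in lines if l.startswith(prefix)), None)

def audit(cfg):  # hypothetical helper: findings for per-VRF TACACS+ and AAA fallbacks
    blocks, out = parse(cfg), []
    if_vrf = {"".join(k.split()[1:]).lower(): sub(v, "ip vrf forwarding")
              for k, v in blocks.items() if k.startswith("interface ")}
    for k, body in blocks.items():
        vrf, src = sub(body, "ip vrf forwarding"), sub(body, "ip tacacs source-interface")
        src_if = (src or "").replace(" ", "").lower()
        if k.startswith("aaa group server ") and vrf and if_vrf.get(src_if) != vrf:
            out.append(f"{k}: source-interface {src} is not in vrf {vrf}")
    for kind, rest in re.findall(r"(?m)^aaa (authentication|authorization) (.+)$", cfg):
        words = rest.split()
        i = next((n for n, w in enumerate(words) if n >= 2 and w in METHODS), len(words))
        label, meth = f"{kind} {' '.join(words[:i])}", words[i:]
        if "local" in meth and not re.search(r"(?m)^username ", cfg):
            out.append(f"{label}: 'local' fallback but no local username in config")
        if kind == "authentication" and meth[-1:] == ["none"]:
            out.append(f"{label}: ends in 'none', so no authentication if earlier methods error")
    return out
```

Calling `audit(SAMPLE)` returns one finding per weak method list; feed it the relevant lines of a real `show running-config` to check a device.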
