[c-nsp] aaa authorization and "authentication expired"

Per Carlson pelle at hemmop.com
Mon Apr 23 08:45:55 EDT 2012


Hi.

I've set up command authorization using TACACS+ on some devices
(various IOS releases), and have since experienced a new type of
"error" message: "Authentication expired". I would like to find more
information of this time out, and if it's configurable (either on the
device or  in some AV pair).

Reading the TACACS+ config guide and skimming the list of AVP's gives
few clues. The only promise looking AVP is the "idletime=X".
Unfortunately setting X to 0 (zero) doesn't help at all. There isn't
any commands on the device, neither under "aaa ..." nor "line vty
...", that seam to affect this timer.

Have anyone seen this before? Any clues how to increase the time out?

-- 
Pelle

"D’ä e å, vett ja”, skrek ja, för ja ble rasen,
”å i åa ä e ö, hörer han lite, d’ä e å, å i åa ä e ö"
- Gustav Fröding, 1895



More information about the cisco-nsp mailing list