[c-nsp] Tacacs and console access
George Hong
georgehong21 at gmail.com
Wed Jun 5 00:01:27 EDT 2013
Hi Cisco Gurus,
Quick question; my Cisco-fu is a bit dusty. I'm configuring a new switch
and I'm setting it up with Tacacs.
I'm configuring it using the console and the switch is not yet connected to
the network. After applying the tacacs config it says
% Authorization failed when I type "show run" or "conf t"
My tacacs config should fall back to local authorization but that doesn't
seem to work.
Below is the relevant config. Any ideas what might be going on (what am I
doing wrong)?
Remember that no network cables have been plugged in (all interfaces are
down) and I'm configuring using console. I'm expecting to be able to
configure the switch when it has no network connectivity (via out of band /
console).
This is the tacacs config I'm applying:
aaa new-model
!
aaa authentication login default group tacacs+ local
aaa authentication login CONSOLE group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 4 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
!
aaa session-id common
tacacs-server key key 7 <removed this >
tacacs-server host x.x.x.x timeout 2
tacacs-server directed-request
line con 0
 session-timeout 60
 exec-timeout 60 0
 login authentication CONSOLE
line vty 0 4
 session-timeout 60
 access-class 22 in
 exec-timeout 60 9
 history size 256
 transport input ssh
line vty 5 15
 session-timeout 60
 access-class 22 in
 exec-timeout 60 9
 history size 256
 transport input ssh
After applying:
sw1.chi#sh run
% Authorization failed.
sw1.chi#conf t
% Authorization failed.
sw1.chi#
Full relevant config can be found here:
http://pastebin.com/p8XbYJ4W
Any ideas?
Thanks !
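
Added example, not part of the original post: a small Python audit sketch that resolves which AAA method list governs each per-line service in a config like the one posted. It assumes a line with no `login authentication` or `authorization ...` sub-command of its own uses the `default` list; the function names and the trimmed sample config are constructed for illustration.

```python
import re
# Constructed sample: statements from the post, trimmed; sub-command indent restored.
SAMPLE_CONFIG = """\
aaa authentication login default group tacacs+ local
aaa authentication login CONSOLE group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
line con 0
 login authentication CONSOLE
line vty 0 4
 transport input ssh
"""
# Per-line services only; "aaa authentication enable" is global and is skipped.
AAA_RE = re.compile(r"^aaa (authentication|authorization) (login|exec|commands \d+) (\S+) (.+)$")

def parse(text):
    """Return (method lists, per-line list selections) from IOS-style config text."""
    lists, lines, current = {}, {}, None
    for raw in text.splitlines():
        words, m = raw.split(), AAA_RE.match(raw)
        if raw.startswith("line "):
            current = raw[5:].strip()
            lines[current] = {}
        elif not raw.startswith(" "):
            current = None  # any other top-level statement ends the line block
            if m:
                kind, service, name, methods = m.groups()
                lists.setdefault((kind, service), {})[name] = methods.split()
        elif current and words[:2] == ["login", "authentication"] and len(words) == 3:
            lines[current][("authentication", "login")] = words[2]
        elif current and words[:1] == ["authorization"] and len(words) >= 3:
            lines[current][("authorization", " ".join(words[1:-1]))] = words[-1]
    return lists, lines

def effective_methods(text):
    """Map each line to {service: (list name, methods)}; methods is None if undefined."""
    lists, lines = parse(text)
    result = {}
    for line, chosen in lines.items():
        result[line] = {}
        for (kind, service), named in lists.items():
            name = chosen.get((kind, service), "default")
            result[line][f"{kind} {service}"] = (name, named.get(name))
    return result

if __name__ == "__main__":
    for line, services in effective_methods(SAMPLE_CONFIG).items():
        print(line, services)
```

On the sample, `con 0` resolves login authentication to the `CONSOLE` list, while exec and level-15 command authorization on the same line resolve to the `default` lists.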