[c-nsp] TACACS+ exec authorisation no working on Cisco 2960CG
Andrew Wentzell
awentzell at gmail.com
Wed Jul 30 09:48:28 EDT 2014
On Wed, Jul 30, 2014 at 8:39 AM, Sam Stickland <sam at spacething.org> wrote:
> I'm really stumped. Why does it not talk to the TACACS server for
> exec/enable?
>
You will need to add something like:
aaa authentication enable default group tacacs+ enable
You will also most likely want to add, at a minimum:
aaa authorization config-commands
aaa authorization commands 15 default group tacacs+ local
if-authenticated
AAA configuration is non-intuitive to say the least.
More information about the cisco-nsp
mailing list