|
Posted by J.Cottingim on June 24, 2008, 8:01 pm
If you were Registered and logged in, you could reply and use other advanced thread options > Thanks, Lars.
>
> aaa new-model
> aaa authentication login default group tacacs+ local enable
> aaa authorization config-commands
> aaa authorization exec default group tacacs+ local
> aaa authorization commands 15 default group tacacs+ if-authenticated
>
> So, it's a tacacs problem, right?
>
> On Jun 24, 5:14=A0pm, Lars Christensen <you-dont-wanna-k...@your-
>
> face.ddd> wrote:
> > 67dbd544e...@x41g2000hsb.googlegroups.com:
>
> > > Ok, I'm new to this so bear with me.
>
> > > When I connect to one of our switches running ios vs 12.0 via the
> > > console, I am able to type commands normally.
>
> > > However, when I log in on a VTY via telnet, the login is successful
> > > but almost any command I type results in a "Command authorization
> > > failed." =A0I can check my privilege level, however, and it says I am
> > > level 15.
>
> > > Can anyone point me in the right direction?
>
> > > Our lines are configured thusly:
>
> > > !
> > > line con 0
> > > =A0exec-timeout 99 0
> > > =A0privilege level 15
> > > =A0password <blah>
> > > =A0transport input none
> > > =A0stopbits 1
> > > line vty 0 2
> > > =A0access-class 112 in
> > > =A0exec-timeout 4 30
> > > =A0password <blah>
> > > line vty 3 4
> > > =A0access-class 101 in
> > > =A0password <blah>
> > > line vty 5 15
> > > =A0access-class 10 in
> > > !
>
> > Hi Greg
>
> > What does your aaa section say about authorization of commands?
>
> > Regards,
> > Lars C.
> > CCIE #20292
>
>
Yes... At least it looks like it at this point.
You should check your TACACS server to be sure the username you login
with is authorized to perform the commands you are trying.
-JC
| 
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map