TACAC AAA Authorization Failure

Hello deers,

I'm trying to achieve AAA remotely using ACS (TACACS+) and I already created named authentication and authorization method lists and applied them to the VTY line and also did all needed configuration in ACS. When testing, I can telnet to the router just fine but I can not type ANY command, I just keep getting this message "Command authorization failed." even though this user is assigned a Command Set profile that permits all commands and Shel Profile level of 15.

When I go to ACS Monitoring and Reports viewer, I see that Authentication is done successfully but the problem is with Authorization in which I just keep hitting the Default Device Admin with DenyAllCommands Command Set! attached is a screenshot of this error.

image

I checked again my Authorization Policy and everyting looks right. I attached a screen shoot of my Authorization Policy.

image

 

I think I'm missing something, could you please help....

 

Thanks...

Comments

Sign In or Register to comment.