Preview Tool

Cisco Bug: CSCtb45771 - should not authorize exit in VLAN mode if command authorization set use

Last Modified

Jan 29, 2017

Products (1)

  • Cisco IOS

Known Affected Releases


Description (partial)

When a shell command authorization set on a per network device group 
basis is configured on a TACACS server is used and TACACS
authorization is enable, the customer get the following error message:
Command authorization failed.
if the customer enter command vlan <vlan id> and exit in configuration 

For 3750, the following message is logged: 
%PARSE_RC-4-PRC_NON_COMPLIANCE and a traceback.

Before 12.2(53)SE, the VLAN is not created. For
12.2(33)SXH, 12.2(33)SXI (both trains are used by 6500) and 12.2(53)SE
for 3750, the VLAN is created.

Vlan mode (i.e. command VLAN) is the only mode authorizes exit command (i.e. sends out TACACS authorization packet to TACACS server). Interface
Vlan mode (command interface vlan) does not authorize command exit

The privilege level of the users is 10.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.