Cisco Bug: CSCtb45771 - should not authorize exit in VLAN mode if command authorization set use
Jan 29, 2017
- Cisco IOS
Known Affected Releases
Symptom: When a shell command authorization set, configured on a per network device group basis on a TACACS server, is used and TACACS authorization is enabled, the customer gets the following error message: Command authorization failed. This happens if the customer enters the command vlan <vlan id> and then exit in configuration mode. For the 3750, the following message is logged: %PARSE_RC-4-PRC_NON_COMPLIANCE, along with a traceback. Before 12.2(53)SE, the VLAN is not created. For 12.2(33)SXH and 12.2(33)SXI (both trains are used by the 6500) and for 12.2(53)SE on the 3750, the VLAN is created. VLAN mode (i.e. the command vlan) is the only mode that authorizes the exit command (i.e. sends a TACACS authorization packet to the TACACS server). Interface VLAN mode (the command interface vlan) does not authorize the exit command.
Conditions: The privilege level of the users is 10.