Cisco Systems Servers Manuale Utente

Under EXEC Commands, 
Cisco IOS commands are not 
being denied when checked.

Examine the Cisco IOS configuration at the AAA client. If not 
already present, add the following Cisco IOS command to the AAA 
client configuration:

aaa authorization command <0-15> default group TACACS+

The correct syntax for the arguments in the text box is 
permit argument or deny argument.

Administrator has been locked 
out of the AAA client because of 
an incorrect configuration being 
set up in the AAA client.

Try to connect directly to the AAA client at the console port. If that 
is not successful, consult your AAA client documentation or go to 
Cisco.com regarding password recovery procedures on your AAA 
client. For more information, see the 

.

IETF RADIUS attributes not 
supported in Cisco IOS 12.0.5.T

Cisco incorporated RADIUS (IETF) attributes in Cisco IOS 
Release 11.1. However, there are a few attributes that are not yet 
supported or that require a later version of the Cisco IOS software. 
The following attributes fall into this category:

17—Change Password 11.3

21—Password-Expiration 11.3

35—Login-LAT-Node No

36—Login-LAT-Group No

AAA client times out when 
authenticating against 
Windows NT/2000.

Increase the TACACS+ timeout interval from the default, 5, to 20. 
Set the Cisco IOS command as follows:

tacacs-server timeout 20