Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Command authorization failed

Hi All,

I share the admin of a firewall with another a company. At the moment im unable to run any commands as i get the following error after logging in and then entering the enable password.

"Command authorization failed"

Im not sure if they have made any changes but the last change i made was to reconfigure the remote access VPN to use AAA Authentication against a MS IAS (radius server).

Here are the AAA commands before and after my change.

BEFORE

------

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

aaa authentication enable console LOCAL

aaa authentication http console LOCAL

aaa authentication ssh console LOCAL

aaa authentication telnet console LOCAL

aaa authorization command LOCAL

I then added the following lines.

aaa-server vpnauth protocol radius

aaa-server vpnauth max-failed-attempts 3

aaa-server vpnauth deadtime 10

aaa-server vpnauth (inside) host X.X.X.X PASSWORD timeout 5

And reconfigure the crypto map to use vpnauth. Remote access works fine but im totally restricted when i try and login via telnet or ssh.

Does anyone know why im locked out?

Appreciate any help as im stumped.

3 REPLIES

Re: Command authorization failed

What is the privilege level of the user you are accessing? Once you enter the enable password do you go to enable mode?

I don't see how the config you added can cause this. It must be something 'else'.

Regards

Farrukh

New Member

Re: Command authorization failed

Hi,

As management of this firewall is shared i cant be 100% sure that the other party didnt change anything. According to them they havent made any changes.

The user im using last had priv 15. It lets me go to enable mode OK using the password. But once in enable mode i only have a limited command set and everything i try to run returns "Command authorization failed".

Im wondering if this is a lost cause and Ill need to do a config reset... Problem is the device is located offsite.

Appreciate any help or advice.

Re: Command authorization failed

Unless this is a bug, 'someone' must have changed the firewall configuration.

Regards

Farrukh

16324
Views
0
Helpful
3
Replies
CreatePlease login to create content