Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Console Authentication Failed

I'm trying to set up reverse console access in the lab;

AUX port on router R1 is connected to Console port on switch SW1.

On R1 I have the following configuration;

aaa new-model

!

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa authorization reverse-access default group tacacs+ local

aaa accounting exec default

action-type stop-only

group tacacs+

!

aaa accounting commands 0 default

action-type stop-only

group tacacs+

!        

aaa accounting commands 1 default

action-type stop-only

group tacacs+

!        

aaa accounting commands 15 default

action-type start-stop

group tacacs+

!

aaa session-id common

!

line aux 0

modem InOut

transport preferred telnet

transport input all

transport output all

flowcontrol hardware

I can telnet to R1, and then telnet to its own loopback0 interface on port 2001, which connects me to SW1;

r1#telnet 1.2.3.4 2001

Trying 1.2.3.4, 2001 ... Open

User Access Verification

Username: me

Password:

% Authorization failed.

[Connection to 1.2.3.4 closed by foreign host]

r1#

No matter what configuration I try I always get this "% Authorization failed". I can telnet to SW1, just fine with the following configuration, what's missing to allow reverse access to work correcrtly?

aaa new-model

!

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa accounting exec default stop-only group tacacs+

aaa accounting commands 0 default stop-only group tacacs+

aaa accounting commands 1 default stop-only group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

!        

aaa session-id common

!

line con 0

privilege level 15

line vty 0 4

session-timeout 5

access-class 50 in

logging synchronous

transport input all

transport output all

3 REPLIES

Console Authentication Failed

New Member

Console Authentication Failed

Hi Andrew,

Thanks for the input but unfortunately I'm still stumped! I can't see why it wouldn't work, a bit more fiddeling, latest configs are below but it seems like it should work to me. I dropped "aaa authorization reverse-access default group tacacs+ local" from R1, now instead of being able to log into SW1 and get the "% Authorization failed." error, I get nothing and it just hangs indefinatly never actually logging in or failing.

R1;

aaa new-model
!
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated 
aaa authorization commands 15 default group tacacs+ if-authenticated 
aaa accounting exec default
 action-type stop-only
 group tacacs+
!
aaa accounting commands 0 default
 action-type stop-only
 group tacacs+
!
aaa accounting commands 1 default
 action-type stop-only
 group tacacs+
!
aaa accounting commands 15 default
 action-type start-stop
 group tacacs+
!
aaa session-id common

!

line aux 0
 transport preferred none
 transport input telnet
 transport output none

SW1;

aaa new-model
!
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization console
aaa authorization exec default group tacacs+ if-authenticated 
aaa authorization commands 15 default group tacacs+ if-authenticated 
aaa accounting exec default stop-only group tacacs+
aaa accounting commands 0 default stop-only group tacacs+
aaa accounting commands 1 default stop-only group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
aaa session-id common

!

line con 0
 privilege level 15
Hall of Fame Super Silver

Console Authentication Failed

I have two suggestions:

- on R1 add under line aux 0

no exec

- on SW1 remove

aaa authorization console

HTH

Rick

1524
Views
0
Helpful
3
Replies
CreatePlease login to create content