Here are my authorization

m1xed0s · ‎05-14-2014

Hi,

I never ran into this issue before and pretty much lost now...

I know i configured console on a 3925 router to be no authentication/no authorization and it did work for me when I connected laptop to it before. But now I got Authorization Failed message when typed in configure t to try to get into Global Configuration mode...

Any idea?

Ruggero Delcuratolo · ‎05-15-2014

Did you enable this?

aaa authorization console

If you have aaa authorization enabled anywhere make sure you had "if-authenticated" at the end.
If you attach here the aaa configuration it would help to understand the issue.

m1xed0s · ‎05-15-2014

Here are my authorization configure especially for the console

aaa authorization console
aaa authorization exec NON-PASS none

!

line con 0
privilege level 15
authorization exec NON-PASS
logging synchronous
login authentication NON-PASS

Ruggero Delcuratolo · ‎05-15-2014

Try this:
aaa authorization exec NON-PASS if.authenticated

m1xed0s · ‎05-15-2014

I will try that on another router later. but I found the kicker...

There was this following line, which I never thought I ever put in...:

aaa authorization commands 15 default local

According to cisco doc:

If aaa authorization commands level method command is enabled, all commands, including configuration commands, are authorized by AAA using the method specified.

So it is make sense now that console can not access configure mode as there was no username/pass provided...

Authorization Failed when entering Global configuration mode...