05-14-2014 06:16 PM - edited 03-04-2019 10:59 PM
Hi,
I never ran into this issue before and pretty much lost now...
I know i configured console on a 3925 router to be no authentication/no authorization and it did work for me when I connected laptop to it before. But now I got Authorization Failed message when typed in configure t to try to get into Global Configuration mode...
Any idea?
05-15-2014 05:14 AM
Did you enable this?
aaa authorization console
If you have aaa authorization enabled anywhere make sure you had "if-authenticated" at the end.
If you attach here the aaa configuration it would help to understand the issue.
05-15-2014 05:20 AM
Here are my authorization configure especially for the console
aaa authorization console
aaa authorization exec NON-PASS none
!
line con 0
privilege level 15
authorization exec NON-PASS
logging synchronous
login authentication NON-PASS
05-15-2014 05:36 AM
Try this:
aaa authorization exec NON-PASS if.authenticated
05-15-2014 06:08 AM
I will try that on another router later. but I found the kicker...
There was this following line, which I never thought I ever put in...:
aaa authorization commands 15 default local
According to cisco doc:
If aaa authorization commands level method command is enabled, all commands, including configuration commands, are authorized by AAA using the method specified.
So it is make sense now that console can not access configure mode as there was no username/pass provided...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide