cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
810
Views
0
Helpful
3
Replies

% Authorization failed

bluesea2010
Enthusiast
Enthusiast

Hi 

I have below configuration , for some reason i cannot access console .getting   % Authorization failed

 

 

aaa new-model
!
!
aaa authentication attempts login 3
aaa authentication login console none
aaa authentication login ssh group radius local
aaa authentication dot1x default group radius
aaa authorization exec default group radius local 
aaa authorization network default group radius 
aaa accounting session-duration ntp-adjusted
aaa accounting update periodic 15
aaa accounting identity default start-stop group radius
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
!
!
!
!
aaa server radius dynamic-author
 client 10.0.10.1 server-key key
 client 10.0.10.2 server-key key
 auth-type any
!
aaa session-id common

line con 0
 exec-timeout 0 0
 login authentication console
 stopbits 1

 

Thanks

 

3 Replies 3

nspasov
Cisco Employee
Cisco Employee

Looks like you are missing two commands:

Globally:

aaa authorization console 

 

Under the Console Line:

authorization exec default

 

 

Thank you for rating helpful posts!

Hi ,

Thanks what does this command do , what if i don't need console authentication ?

Well there are three parts to AAA. Authentication, Authorization and Accounting. Based on your original output it appears that you are passing authentication but failing authorization. Thus, you must enable authorization for the console line as well. 

If you want to disable AAA from being performed on the console line then do this:

line con 0
 no  login authentication console
 no login

 

Thank you for rating helpful posts!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers