
Console Authentication Problem

bierrrr.CC
Level 1

Hi,

I've got a problem understanding some configuration on a Cisco 2950 switch:

(...)

aaa new-model
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local

(...)

line con 0
exec-timeout 60 0
login authentication CONSOLE
logging synchronous

If I got this right, there should be no authentication on the console line, but when I try to log on I get:

Authorization failed.

(...)


ALS1 con0 is now available

Press RETURN to get started.

And the same message when I press Enter over and over. That means I've completely blocked access to the switch via the console line.

What is wrong with this config, and why is it working this way and not just letting me in without any password?

2 Replies

Yudong Wu
Level 7

I think it is caused by "aaa authorization exec default local".

You disabled authentication on console. But the above command will apply to console automatically since you are using "default" as the name.

Try to use a name other than "default" and then apply it to where you would like to use authorization such as vty line but NOT on console.

andamani
Cisco Employee

Hi,

Try doing the following:

no aaa authorization exec default local

aaa authorization exec default if-authenticated

Hope this helps.

Regards,

Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.
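
The combination discussed in this thread can be checked for before a configuration is pushed. The following is an added example, not part of any reply above: it flags lines whose login list is `none` while the exec authorization list that applies to them is `local` only. The function names `parse` and `lockout_risks` are hypothetical, and the check assumes, as the replies describe, that a line with no explicit binding inherits the `default` exec list.

```python
import re

# Constructed sample: the configuration fragments quoted in the question above.
SAMPLE = """\
aaa new-model
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
line con 0
exec-timeout 60 0
login authentication CONSOLE
logging synchronous
"""

def parse(config):
    """Collect login method lists, exec authorization lists and per-line bindings."""
    authn, authz, lines, current = {}, {}, {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if m := re.match(r"aaa authentication login (\S+) (.+)", text):
            authn[m.group(1)] = m.group(2).split()
        elif m := re.match(r"aaa authorization exec (\S+) (.+)", text):
            authz[m.group(1)] = m.group(2).split()
        elif text.startswith("line "):
            current = lines.setdefault(text, {})
        elif current is not None and (m := re.match(r"login authentication (\S+)", text)):
            current["authn"] = m.group(1)
        elif current is not None and (m := re.match(r"authorization exec (\S+)", text)):
            current["authz"] = m.group(1)
    return authn, authz, lines

def lockout_risks(config):
    """Return lines that skip login ('none') but still face a 'local'-only exec list."""
    authn, authz, lines = parse(config)
    risky = []
    for name, bound in lines.items():
        login = authn.get(bound.get("authn", "default"), [])
        exec_list = authz.get(bound.get("authz", "default"), [])
        # Assumption taken from the replies: an unbound line inherits the
        # "default" exec list, and 'local' needs a username that 'none' never asks for.
        if login == ["none"] and exec_list == ["local"]:
            risky.append(name)
    return risky

if __name__ == "__main__":
    print(lockout_risks(SAMPLE))
```

An empty result only means this specific combination is absent; it does not validate the rest of the AAA configuration.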