Authorization Failed when entering Global configuration mode...

05-14-2014 06:16 PM - edited 03-04-2019 10:59 PM
Hi,
I never ran into this issue before and am pretty much lost now...
I know I configured the console on a 3925 router to be no authentication/no authorization, and it did work for me when I connected a laptop to it before. But now I get an Authorization Failed message when I type in configure t to try to get into Global Configuration mode...
Any idea?

05-15-2014 05:14 AM
Did you enable this?
aaa authorization console
If you have aaa authorization enabled anywhere make sure you had "if-authenticated" at the end.
If you attach here the aaa configuration it would help to understand the issue.

05-15-2014 05:20 AM
Here is my authorization configuration, especially for the console:
aaa authorization console
aaa authorization exec NON-PASS none
!
line con 0
 privilege level 15
 authorization exec NON-PASS
 logging synchronous
 login authentication NON-PASS
05-15-2014 05:36 AM
Try this:
aaa authorization exec NON-PASS if-authenticated

05-15-2014 06:08 AM
I will try that on another router later, but I found the kicker...
There was the following line, which I never thought I ever put in...:
aaa authorization commands 15 default local
According to the Cisco doc:
If aaa authorization commands level method command is enabled, all commands, including configuration commands, are authorized by AAA using the method specified.
So it makes sense now that the console cannot access configure mode, as there was no username/pass provided...
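
An added example, not part of the original thread and not Cisco code: a small Python check that reads an IOS configuration and reports which authorization method list console sessions end up using for each authorization type, which makes an inherited default list like the one found above visible. The sample configuration is constructed (the `aaa new-model` and `aaa authentication` lines are assumed), the function names are hypothetical, and it assumes indented line sub-commands, that the console is only authorized when `aaa authorization console` is present, and that a line naming no list uses `default`.

```python
import re

# Constructed sample: the console lines posted in the thread plus the command
# authorization line found later. The "aaa authentication" line is assumed.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login NON-PASS none
aaa authorization console
aaa authorization exec NON-PASS none
aaa authorization commands 15 default local
!
line con 0
 privilege level 15
 authorization exec NON-PASS
 logging synchronous
 login authentication NON-PASS
"""

AAA_RE = re.compile(r"^aaa authorization (exec|commands \d+) (\S+) (.+)$")
LINE_RE = re.compile(r"^authorization (exec|commands \d+) (\S+)$")

def console_authorization(config):
    """Return {type: (list name, methods)} as applied to console sessions."""
    lists, con_lists, enabled, in_con = {}, {}, False, False
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # unindented line closes a line block
            in_con = line.startswith("line con")
        if line == "aaa authorization console":
            enabled = True
        elif m := AAA_RE.match(line):
            lists[(m.group(1), m.group(2))] = m.group(3).split()
        elif in_con and (m := LINE_RE.match(line)):
            con_lists[m.group(1)] = m.group(2)
    if not enabled:                      # console is not subject to authorization
        return {}
    result = {}
    for kind in sorted({k for k, _ in lists}):
        name = con_lists.get(kind, "default")   # no list on the line: default
        if (kind, name) in lists:
            result[kind] = (name, lists[(kind, name)])
    return result

def uses_default_list(config):
    """Authorization types for which the console uses the default list."""
    return [k for k, (n, _) in console_authorization(config).items() if n == "default"]

if __name__ == "__main__":
    for kind, (name, methods) in console_authorization(SAMPLE_CONFIG).items():
        print(f"console {kind}: list {name} -> {' '.join(methods)}")
```

On the sample, exec authorization resolves to the NON-PASS list while level 15 commands resolve to the default list with the local method, matching what the last post describes.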
