Core issue
This issue is documented in Cisco bug ID CSCeb08860.
Console authorization is incorrectly enabled by default in the console. A login from the console fails with this configuration due to an authorization failure:aaa
new-model
aaa authentication login default local
aaa authentication login no_tacacs none
aaa authorization exec default local
line con 0
login authentication no_tacacs
Resolution
In order to resolve this issue, perform one of these steps:
- Explicitly configure for no authorization with this configuration:
aaa authorization exec no_tacacs none
line con 0
authorization exec no_tacacs
- Download and upgrade the Cisco IOS version to any one of these versions:
- 12.3(4.2)
- 12.2(20.4)
- 12.3(4.4)B
- 12.2(20.4)S
- 12.3(5.5)T
- 12.3(7)XI
- 12.2(27)SBA
- 12.2(27)SBB