2960X Switch - Console Authorization

Terry
Level 1

Hi

 

I'm seeing an % Authorization failed error when I try to access my switch via the console port.

I want to separate my VTY and console access -

vty to use TACACS - this is working

console to use local database 

 

I have the following config in place:

 

aaa new-model
!
aaa authentication login default group ISE local
aaa authentication login CONSOLE local
aaa authorization config-commands
aaa authorization exec default group ISE if-authenticated
aaa authorization commands 1 default group ISE if-authenticated
aaa authorization commands 15 default group ISE if-authenticated
aaa accounting delay-start
aaa accounting commands 1 default start-stop group ISE
aaa accounting commands 15 default start-stop group ISE
!
line con 0
 login authentication CONSOLE

 

My understanding is that there shouldn't be any authorization applied on the console port by default, but when I debug the switch (debug aaa authorization) I can see the default method is being picked. This is also the case when I configure authorization for the console port.

 

I have found some bugs for this issue, but they all relate to older software versions; I can't find anything for the version I'm running:

WS-C2960X-48FPS-L (stack x2)

15.2(4)E7

 

Any help would be appreciated.

 

Thanks
1 Reply

cmarva
Level 4

It's been a while, but I think you can do something like:

aaa authorization CONSOLE none

 

you may have to play around with syntax to find the right command.
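
An added example, not part of the thread or of any Cisco tooling: a small Python check that resolves which AAA method list each service references on a given line, run against the configuration posted in the question. It relies on the IOS rule that a line with no explicit named list for a service uses the `default` list; the function name `effective_lists` and the `<undefined>` marker are assumptions of this example.

```python
import re

# Configuration copied from the question (accounting lines omitted).
POSTED_CONFIG = """\
aaa new-model
aaa authentication login default group ISE local
aaa authentication login CONSOLE local
aaa authorization config-commands
aaa authorization exec default group ISE if-authenticated
aaa authorization commands 1 default group ISE if-authenticated
aaa authorization commands 15 default group ISE if-authenticated
line con 0
 login authentication CONSOLE
"""

SERVICE = r"authentication login|authorization exec|authorization commands \d+"
# Global definition: aaa <service> <list-name> <methods...>
AAA_RE = re.compile(rf"^aaa ({SERVICE}) (\S+) (.+)$")
LINE_RE = re.compile(r"^(login authentication|authorization exec|"
                     r"authorization commands \d+) (\S+)$")


def effective_lists(config, line_name):
    """Return {service: (list, methods)} for one line; unset services use `default`."""
    defined, chosen, in_line = {}, {}, False
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):            # top-level command
            in_line = text == "line " + line_name
            m = AAA_RE.match(text)
            if m:
                defined[(m.group(1), m.group(2))] = m.group(3)
        elif in_line:                          # sub-command of the requested line
            m = LINE_RE.match(text)
            if m:
                service = m.group(1).replace("login authentication",
                                             "authentication login")
                chosen[service] = m.group(2)
    result = {}
    for service in sorted({svc for svc, _ in defined}):
        name = chosen.get(service, "default")
        methods = defined.get((service, name), "<undefined>")
        result[service] = (name, methods)
    return result


if __name__ == "__main__":
    for svc, (name, methods) in effective_lists(POSTED_CONFIG, "con 0").items():
        print(f"con 0  {svc:26} list={name:8} methods={methods}")
```

For `con 0` it reports the `CONSOLE` list for login authentication but the `default` list (group ISE) for exec and command authorization, which is consistent with the default method appearing in the `debug aaa authorization` output described in the question.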
