aaa ?

Unanswered Question
Apr 24th, 2008
User Badges:


I have the following aaa config:

aaa new-model

aaa authentication login default group radius line

radius-server host

radius-server key WinRadius

line con 0

line vty 0 4

password line

My radius config is working fine but by default the aaa config is being applied to the console, tty's etc.

Is there a way to configure using aaa but not to use the console. i.e. apply aaa to all methods of connecting to the router/switch bar the console port ?

PS: I've tried here :

without success,



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
philth_123_2 Thu, 04/24/2008 - 09:43
User Badges:

I've found it.

aaa authentication for-console local

Username local password local

line con 0

login authentication for-console


Richard Burts Thu, 04/24/2008 - 09:58
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


The simple answer to your question is that no there is not a way to have aaa apply to vty but not to console.

The more complex answer is that you can configure one aaa method to apply to vty (as you have done) and can configure another aaa method to apply to console.

If I can guess that you want the vty to authenticate with radius but want the console to just authenticate with its line password then you could try configuring this:

aaa authentication login consoleauth line

line con 0

login authentication consoleauth

This will allow the console to authenticate with its line password while the vty still authenticate with radius and use the line password as a backup if radius is not available.




This Discussion