I'm using SDM to set up an Easy VPN connection and, being a newbie, I'm struggling with AAA and the creation of the user account needed. The SDM wizard said I had to have AAA enabled and a user account. I found this Cisco doc using Google:
and following the instructions I entered these commands into the cli:
router(config)#aaa authentication login default local
but my normal login and username and password won't work in the CLI once I've done this. I have to power down the router and restart it to get control back.
To be honest, I found the Cisco instructions really hard going. I don't understand the RADIUS, Kerberos, TACACS method-list stuff, so I wondered if there were any simple instructions out there to set up the user account necessary to proceed with the Easy VPN wizard in SDM.
Thanks for any pointers.
Once you enable aaa new-model, all previous authentication mechanisms applied to lines become invalid. That's why you should do one of the following:
Do not issue "aaa authentication login default local", or, if you are forced to by SDM, either create a username for yourself with high priv (because that command will affect console or VTY lines whose authentication is left at default, and will ask for a username and password whenever you log in), or create a list which has "none" as a method and apply it to the console line to ignore console authentication.
username anthony priv 15 password xxxx
Once you enter a username as above, you can log in via console with that username and pass if "aaa authentication login default local" is issued.
Radius and Tacacs methods are servers that have the ability to contain usernames with more advanced configurations. For simple authentication you can use local authentication; that's why you don't have to mess around with Radius or Tacacs at the moment.
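
The order of operations the answer describes, written out as an added example that is not part of the original posts: create the local account before enabling AAA, then optionally exempt the console with a "none" list. The list name CONSOLE-NOAUTH and the `<password>` placeholder are assumptions for illustration; the username is the one from the answer.

```cisco
! Added example. Start from privileged EXEC (enable) mode.
! Safety net: schedule a reload in 10 minutes. If the new AAA settings lock
! you out, the router reboots to the saved startup-config on its own.
reload in 10
!
configure terminal
 ! 1. Create the local privilege-15 account BEFORE turning AAA on.
 username anthony privilege 15 password <password>
 !
 ! 2. Enable AAA. From this point, lines using the default login list
 !    (console and VTY unless overridden) prompt for a local username.
 aaa new-model
 aaa authentication login default local
 !
 ! 3. Optional alternative from the answer: a named list whose only
 !    method is "none", applied to the console line only. Anyone with
 !    physical console access then gets a prompt without credentials,
 !    so leave this out where the console port is not physically secured.
 aaa authentication login CONSOLE-NOAUTH none
 line con 0
  login authentication CONSOLE-NOAUTH
 end
!
! 4. Keep this session open and confirm that a NEW Telnet/SSH session
!    accepts the local username. Only then cancel the scheduled reload
!    and save the configuration.
reload cancel
copy running-config startup-config
```

Power-cycling restored access in the question because the AAA commands had not been saved to startup-config; the scheduled reload gives the same recovery without touching the power.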