3620 Console Server - Double Auth issues....

Unanswered Question
Aug 22nd, 2008
User Badges:


I have a 3620 with a NM-32A cabled to numerous Cisco consoles with CAB-OCTAL-ASYNC cable to each console port.



interface Ethernet1/0

ip address

no ip directed-broadcast


ip host SWITCH4 2001


line 1 32

session-timeout 20

no exec

exec-timeout 0 0

transport input telnet

transport output pad v120 telnet rlogin udptn



aaa authentication login default local-case

aaa authorization exec default local

username user password Pass

enable secret SECRET



line con 0

exec-timeout 0 0

transport preferred telnet



Trying SWITCH4 (, 2001)... Open

User Access Verification

Username: user



This times out....I then auth again and sometimes get in, sometimes not. Same behaviour across 4 out of 13 devices (so far).....!!

Has anyone had similar problems?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Richard Burts Sun, 08/24/2008 - 04:26
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


I suggest, as an experiment, that you remove this line from the config and see if the behavior improves:

aaa authorization exec default local

I do not see that this is doing much for you (at least in the small amount of configuration that you posted) and potentially could cause symptoms such as you describe. If the behavior does improve you might leave it out or you might change it to this:

aaa authorization exec default if-authenticated



wpharaon Mon, 08/25/2008 - 01:34
User Badges:


This is the normal behavior as AAA is configured on your console server, and by default the authentication configured is applied on all lines, this behavior is not what you require on a terminal server, so

On the console server, configure:

aaa authentication login NOAUTH none

Under the NM-32 lines, configure:

login authentication NOAUTH

UTVi-NetAdmin Mon, 09/08/2008 - 07:50
User Badges:

Thanks to Rick, Wissam for your help.

I took of Authentication from the lines as you suggested and all is working well.

Thanks again,



This Discussion