aaa new-model

Unanswered Question
Mar 8th, 2009

Hi,

If i define aaa new-model (i.e. to use local username/password) and password under vty configuration, which one would be applicable while doing ssh into the router/switch.

Thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
adamclarkuk_2 Sun, 03/08/2009 - 08:12

Hi

It goes under vty, you just need to allow the transport

Line vty 0 4

Transport input ssh telnet

Then create the user under global conf

Username blah password blah

cisco_lite Sun, 03/08/2009 - 10:56

Hi,

Does it mean if username is defined, ssh/telnet would not refer to password under vty.

adamclarkuk_2 Sun, 03/08/2009 - 11:18

It depends on that you have set the aaa authentication to look at. If you use the command :-

aaa authentication login default line

then it will look at the line password (username can be anything), but the default will want a username and password and will not use the password under the vty details.

With the command:-

aaa authentication login default local line

It will try the line password first (username can be anything) if that fails it tries to match a username and password in the local database.

Actions

This Discussion