aaa new-model

Unanswered Question
Mar 8th, 2009
User Badges:


If i define aaa new-model (i.e. to use local username/password) and password under vty configuration, which one would be applicable while doing ssh into the router/switch.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
adamclarkuk_2 Sun, 03/08/2009 - 08:12
User Badges:
  • Silver, 250 points or more


It goes under vty, you just need to allow the transport

Line vty 0 4

Transport input ssh telnet

Then create the user under global conf

Username blah password blah

cisco_lite Sun, 03/08/2009 - 10:56
User Badges:


Does it mean if username is defined, ssh/telnet would not refer to password under vty.

adamclarkuk_2 Sun, 03/08/2009 - 11:18
User Badges:
  • Silver, 250 points or more

It depends on that you have set the aaa authentication to look at. If you use the command :-

aaa authentication login default line

then it will look at the line password (username can be anything), but the default will want a username and password and will not use the password under the vty details.

With the command:-

aaa authentication login default local line

It will try the line password first (username can be anything) if that fails it tries to match a username and password in the local database.


This Discussion