aaa new-model

Mar 8th, 2009

Hi,


If I define aaa new-model (i.e. to use local username/password) and a password under the vty configuration, which one would be applicable when doing SSH into the router/switch?


Thanks.

adamclarkuk_2 Sun, 03/08/2009 - 08:12

Hi


It goes under vty, you just need to allow the transport


line vty 0 4

 transport input ssh telnet


Then create the user under global conf


username blah password blah

cisco_lite Sun, 03/08/2009 - 10:56


Hi,


Does it mean that if a username is defined, ssh/telnet would not refer to the password under vty?

adamclarkuk_2 Sun, 03/08/2009 - 11:18

It depends on what you have set the aaa authentication to look at. If you use the command:


aaa authentication login default line


then it will look at the line password (username can be anything), but the default will want a username and password and will not use the password under the vty details.


With the command:


aaa authentication login default local line


It will try the line password first (username can be anything); if that fails, it tries to match a username and password in the local database.
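
Added example (not part of the thread and not Cisco code): a small Python check that reads a running-config and reports, for each vty block, which login methods are configured and whether the `password` under the vty is consulted at all. The sample config, the list name VTY-LINE and the function name are constructed for illustration; it assumes that with aaa new-model and no default login list, vty logins use the local database.

```python
# Constructed sample config for illustration; not taken from the thread.
SAMPLE = """\
aaa new-model
aaa authentication login default local
aaa authentication login VTY-LINE line
username admin password example
line vty 0 4
 password vtypass
 transport input ssh telnet
line vty 5 15
 password vtypass
 login authentication VTY-LINE
"""

def vty_login_methods(config):
    """Map each 'line vty' block to (login methods, is the line password consulted?)."""
    aaa_enabled, lists, blocks, current = False, {}, {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if raw[0].isspace():                 # indented: sub-command of a line block
            if current:
                blocks[current].append(words)
            continue
        current = None                       # any global command closes the block
        if words[:2] == ["aaa", "new-model"]:
            aaa_enabled = True
        elif words[:3] == ["aaa", "authentication", "login"] and len(words) > 4:
            lists[words[3]] = words[4:]      # list name -> methods as configured
        elif words[:2] == ["line", "vty"]:
            current = " ".join(words)
            blocks[current] = []
    result = {}
    for name, cmds in blocks.items():
        has_password = any(c[0] == "password" for c in cmds)
        if aaa_enabled:
            chosen = next((c[2] for c in cmds
                           if c[:2] == ["login", "authentication"] and len(c) > 2), "default")
            # Assumption: with no default list defined, vty logins use the local database.
            methods = lists.get(chosen, ["local"] if chosen == "default" else [])
        elif ["login", "local"] in cmds:
            methods = ["local"]
        elif ["no", "login"] in cmds:
            methods = ["none"]
        else:
            methods = ["line"]               # plain 'login', the vty default without AAA
        result[name] = (methods, has_password and "line" in methods)
    return result
```

A result of `(['local'], False)` for a vty block that has a `password` configured means that password is never checked at login, which is the situation asked about in the first post.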

