Device Passwords. Using SSH, Console, VTY, and AAA

Answered Question
Oct 14th, 2009

I know that without using SSH, and strictly using telnet, console, I can set a password for both my VTY lines and the console separately.

When I enable AAA for local SSH username and passwords, it asks me for a username and password even when I only connect using the console, when before enabling AAA, connecting to the console would just ask me for the password, and not a username and password.

Is this normal?

Does enabling AAA username and passwords take precedence over all authentication on all ports?

Overall Rating: 5 (1 ratings)
Correct Answer
Richard Burts Wed, 10/14/2009 - 08:41

Nelson

Yes, this is normal. And yes, enabling aaa new-model does take precedence over all authentication on all ports.

If you still want to log in on the console and just use the console password, it is possible to configure the router to do this (though frankly AAA is usually more secure and is preferred). If you want the console to authenticate with the line password, the config might look something like this:

    ! named method list that authenticates with the line password
    aaa authentication login cons_auth line
    !
    line con 0
     ! apply the named list to the console only
     login authentication cons_auth

HTH

Rick
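
Added example (not part of the thread and not Cisco tooling): a small audit script that resolves which AAA login method list each line ends up using, run over a constructed sample config. The function names and SAMPLE_CONFIG are hypothetical, and it assumes a line without its own `login authentication` statement uses the list named `default` once `aaa new-model` is enabled.

```python
import re

# Constructed sample config (not from the thread): AAA on, local users as the
# default login method, and the answer's named list applied to the console.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default local
aaa authentication login cons_auth line
username admin secret ExamplePlaceholder
line con 0
 password ExamplePlaceholder
 login authentication cons_auth
line vty 0 4
 transport input ssh
"""

def effective_login_methods(config: str) -> dict:
    """Map each 'line ...' block to (method-list name, ordered methods)."""
    lists, lines = {}, {}          # list name -> methods; line block -> list name
    current, aaa_enabled = None, False
    for raw in config.splitlines():
        text = raw.strip()
        if text == "aaa new-model":
            aaa_enabled = True
        m = re.match(r"aaa authentication login (\S+) (.+)", text)
        if m:
            lists[m.group(1)] = m.group(2).split()
        if not raw.startswith(" "):            # top-level command: new context
            current = text if text.startswith("line ") else None
            if current:
                lines[current] = "default"     # assumption: default list applies
        elif current:
            m = re.match(r"login authentication (\S+)", text)
            if m:
                lines[current] = m.group(1)    # named list overrides the default
    if not aaa_enabled:
        raise ValueError("aaa new-model not present; line-level login applies")
    # An empty method list means the referenced list is not defined: review it.
    return {ln: (name, lists.get(name, [])) for ln, name in lines.items()}

def password_only_lines(config: str) -> list:
    """Lines whose login methods never ask for a username."""
    shared = {"line", "enable", "none"}
    return [ln for ln, (_, methods) in effective_login_methods(config).items()
            if methods and set(methods) <= shared]
```

Running `password_only_lines` over a saved configuration lists the lines that still rely on a shared password rather than per-user credentials.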

Richard Burts Wed, 10/14/2009 - 09:29

Nelson

I am glad that my response was helpful. Thank you for using the rating system to indicate that your question was resolved (and thanks for the rating). It makes the forum more useful when people can read a question and can know that there was a response which did lead to a solution.

HTH

Rick
