Please take a look at the below commands entered on a 4948 Catalyst. Will this prompt me to use <root> as the username and whatever password I decide to use when logging into the switch? I'm guessing the "default group local" portion of the CL below points to root as the username in this case.
username root password 7 1524020217252574611E34301A0913104007
aaa authentication login default group root local
aaa authentication fail-message ^You have failed to pass AAA login requirements!^
In other words there will be no TACACS or Radius involved with this.
You have to use "aaa authentication login default local" to point all authenticaiton to its local database.
That doesn't look right to me, unless Cisco has changed the way they've done AAA on the 4900 series (which I've never used). The "group" usually indicates a radius or tacacs server, not a username. I think what's happening is that it's trying to hit a server group called root, which is assigned to some ip address, it's failing and rolling over to local which would allow you to log in as root. If you aren't using a tacacs or radius server, you should be safe in removing the group portion and using just:
aaa authentication login default local
I would HIGHLY recommend doing this in one window, and then telnetting into the device from another window to test. When messing with AAA, never make a change and logout before testing in another window; you could lock yourself out.