Help!! AAA Authentication & SSH with the newer 2900 series

Unanswered Question
Aug 30th, 2010

Hello All,

I recently configured a 2921 router for AAA & SSH. Here are the sample configs, followed by the problem encountered.


ip domain name mmmove.corp


username xxyz privilege 15 password zzyx


aaa new-model

aaa authentication login default local
aaa authorization console
aaa authorization exec default local


line con 0
line aux 0
line vty 0 4
transport input ssh
line vty 5 15
transport input ssh


crypto key generate rsa modulus 1024 general-keys


Here's the problem - I'm getting locked out of the router. The research I completed stated that the local database has to be established prior to any aaa configurations being applied. That order of operation is being followed.

But, once I logout and try to log back in - I get authentication failed!!!!!!

Is there something I'm missing here - breaking into the router constantly can't be the solution lol!!!????

My Sincerest Thanks.

Nagaraja Thanthry Mon, 08/30/2010 - 17:31


Please try the following:

username "username" password "password"
enable password "enable pass"
aaa new-model
aaa authentication login test local line
line vty 0 4
 login authentication test


Hope this helps.



darrtech001 Mon, 08/30/2010 - 19:40

I will try your modification out Nagaraja ..... Thanks.

Would you also explain where the faults are in the original post? I would like to know why the original configuration used is not working.

Nagaraja Thanthry Mon, 08/30/2010 - 21:13


When you configured "aaa authentication login default local" technically, even that should work (as per documentation). In fact, I tried again with the "aaa authentication login default local" and "logging authentication default" (under the line vty) and it worked with the local username. I guess it takes some time for it to sync.



Richard Burts Mon, 08/30/2010 - 22:00

To the original poster: are you sure that it is a problem with authentication failed? I have had experiences that seem similar to yours which actually turned out to be authorization failed rather than authentication failed.

Perhaps you would test again and post the commands entered and the exact error message generated by the router?
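
Added example, not part of the thread or of any participant's post: a small Python check that reads an IOS configuration like the two posted above and reports login method lists that rely on a credential the configuration never sets. The function name `lint_login_lists` is hypothetical, and the check covers only `aaa authentication login`, not authorization.

```python
import re

def lint_login_lists(config):
    """Warn where a login method list relies on a credential the config never sets."""
    lists, lines, cur = {}, {}, None
    has_user = has_enable = False
    for raw in config.splitlines():
        s = raw.strip()
        m = re.match(r"aaa authentication login (\S+) (.+)", s)
        if m:
            lists[m.group(1)] = m.group(2).split()
        elif s.startswith("username "):
            has_user = True
        elif re.match(r"enable (secret|password) ", s):
            has_enable = True
        elif s.startswith("line "):
            # With aaa new-model, a line uses the "default" list unless told otherwise.
            cur = lines.setdefault(s, {"list": "default", "password": False})
        elif cur is not None and s.startswith("login authentication "):
            cur["list"] = s.split()[2]
        elif cur is not None and s.startswith("password "):
            cur["password"] = True
    warnings = []
    for name, line in lines.items():
        methods = lists.get(line["list"])
        if methods is None:
            if line["list"] != "default":
                warnings.append(f"{name}: method list '{line['list']}' is not defined")
            continue
        missing = {"local": not has_user, "local-case": not has_user,
                   "enable": not has_enable, "line": not line["password"]}
        for method in methods:
            if missing.get(method):
                warnings.append(f"{name}: list '{line['list']}' uses '{method}' "
                                "but that credential is not configured")
    return warnings

# Configurations transcribed from the thread: the original post, then the first reply.
ORIGINAL = ("username xxyz privilege 15 password zzyx\naaa new-model\n"
            "aaa authentication login default local\naaa authorization console\n"
            "aaa authorization exec default local\nline con 0\nline aux 0\n"
            "line vty 0 4\n transport input ssh\nline vty 5 15\n transport input ssh\n")
REPLY = ('username "username" password "password"\nenable password "enable pass"\n'
         "aaa new-model\naaa authentication login test local line\n"
         "line vty 0 4\n login authentication test\n")

for label, cfg in (("original post", ORIGINAL), ("first reply", REPLY)):
    print(label, "->", lint_login_lists(cfg) or "no missing credentials")
```

On these inputs the original post produces no warnings, and the first reply produces one: the `line` method in list `test` has no line password to check against on `line vty 0 4`.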



