Help!! AAA Authentication & SSH with the newer 2900 series

darrtech001
Level 1

Hello All,

I recently configured a 2921 router for aaa & SSH .... here are the sample configs, followed by the problem encountered.

!
ip domain name mmmove.corp
!
username xxyz privilege 15 password zzyx
!
aaa new-model
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
!
line con 0
line aux 0
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
!
crypto key generate rsa modulus 1024 general-keys
!


Here's the problem - I'm getting locked out of the router. The research I completed stated that the local database has to be established prior to any aaa configurations being applied. That order of operation is being followed.


But, once I log out and try to log back in - I get authentication failed!!!!!!

Is there something I'm missing here - breaking into the router constantly can't be the solution lol!!!????

My Sincerest Thanks.

4 Replies

Nagaraja Thanthry
Cisco Employee

Hello,

Please try the following:

username "username" password "password"
enable password "enable pass"
aaa new-model
aaa authentication login test local line
line vty 0 4
 login authentication test
 exit

Hope this helps.

Regards,

NT

I will try your modification out Nagaraja ..... Thanks.

Would you also explain where the faults are in the original post? I would like to know why the original configuration used is not working.

Hello,

When you configured "aaa authentication login default local" technically, even that should work (as per documentation). In fact, I tried again with the "aaa authentication login default local" and "login authentication default" (under the line vty) and it worked with the local username. I guess it takes some time for it to sync.

Regards,

NT

To the original poster: are you sure that it is a problem with authentication failed? I have had experiences that seem similar to yours which actually turned out to be authorization failed rather than authentication failed.

Perhaps you would test again and post the commands entered and the exact error message generated by the router?

HTH

Rick
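
An added example, not part of any post in this thread: a small Python check that resolves which login-authentication and exec-authorization method list each line uses, so that a failed login can be traced to one stage or the other before logging out of a working session. The function name `audit` and the sample string are constructed here. It assumes standard IOS behaviour: with `aaa new-model` a line with no explicit list uses `default`, and exec authorization applies to the console only when `aaa authorization console` is present.

```python
import re

# Constructed input: the original poster's configuration with blank lines removed.
POSTED = """username xxyz privilege 15 password zzyx
aaa new-model
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
line con 0
line aux 0
line vty 0 4
transport input ssh
line vty 5 15
transport input ssh"""

def audit(config):
    """Return (per-line method lists, findings) for login authn and exec authz."""
    defined = {"authn": {}, "authz": {}}   # list name -> ordered methods
    users, lines, cur, con_authz = set(), {}, None, False
    for s in map(str.strip, config.splitlines()):
        g = re.match(r"aaa (authentication login|authorization exec) (\S+) (.+)", s)
        l = re.match(r"(login authentication|authorization exec) (\S+)", s)
        if g:      # global method-list definition
            defined["authn" if "login" in g[1] else "authz"][g[2]] = g[3].split()
        elif s.startswith("username "):
            users.add(s.split()[1])
        elif s == "aaa authorization console":
            con_authz = True
        elif s.startswith("line "):   # assumption: unset lists fall back to "default"
            cur = lines.setdefault(s, {"authn": "default", "authz": "default"})
        elif l and cur is not None:   # per-line override of the list name
            cur["authn" if l[1].startswith("login") else "authz"] = l[2]
    report, findings = {}, []
    for line, used in lines.items():
        report[line] = {}
        for kind, name in used.items():
            methods = defined[kind].get(name)
            if kind == "authz" and line.startswith("line con") and not con_authz:
                methods = None   # exec authorization is not applied to the console
            elif methods is None and name != "default":
                findings.append(f"{line}: {kind} list '{name}' is not defined")
            elif methods and "local" in methods and not users:
                findings.append(f"{line}: {kind} uses 'local' but no username exists")
            report[line][kind] = (name, methods)
    return report, findings
```

For the posted configuration every line resolves to `local` for both stages with no findings, so the exact router message Rick asks for is what separates an authentication failure from an authorization failure.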
