problem with AAA on the 12.2(58).SE version

Unanswered Question
Jan 29th, 2012
User Badges:


I have a lot of switches (about 400 to be precisely) series 2960 and 3750, with IOS version

Series 2960: c2960-lanbasek9-mz.122-52.SE.bin

Series 2960S: c2960s-universalk9-mz.122-53.SE2.bin

Series 3750: c3750-ipservicesk9-mz.122-52.SE.bin

The follow configuration to AAA is:

aaa new-model


aaa authentication login default group radius line none

aaa authentication enable default enable none

aaa authorization exec default group radius if-authenticated

aaa accounting exec default start-stop group radius

aaa accounting system default start-stop group radius

enable secret «password removed»


radius-server host auth-port 1812 acct-port 1813 key «password removed»

radius-server retransmit 2

radius-server timeout 2

line con 0

exec-timeout 5 0

password «password removed»


Then when I tried to upgrade the 2960 and 3750 series to the 12.2(58) version, I had a problem with this configuration. When the RADIUS is down, I cannot have access to the switches, even with password on the line con 0. The prompt is always with username and password, not the password prompt was used to be in the 12.2(52).SE and 12.2(53).SE version.

Anyone have the same problem? How can I fix it?

Thanks in advanced,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
johnnylingo Sun, 01/29/2012 - 13:46
User Badges:
  • Bronze, 100 points or more

I believe newer IOS versions always require a username / password be used, even when the Radius / Tacacs server is down.

Something like this will let you login with username 'admin' if the radius server is unavailable.

username admin priv 15 password 0

aaa authentication login default group radius local

aaa authorization exec default group radius local

line con 0

no password


glen.grant Sun, 01/29/2012 - 16:41
User Badges:
  • Purple, 4500 points or more

  You don't need a  username and password as long as you have the line password and enable secret passwords defined  unless radius is different from tacacs .

ebarticel Sun, 01/29/2012 - 19:25
User Badges:
  • Bronze, 100 points or more

You need to add a second option to your authentication method to let you use local database if not radius is available.

Hope this helps


ANTONIO DEUS Mon, 01/30/2012 - 04:02
User Badges:


Thanks to all, but the solution is what write johnnylingo.

Best regards,



This Discussion

Related Content