Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

aaa on routers

can anyone tell me how I would get my switches/routers etc to ask for a username, do I just type new aaa model, then aaa username xxxxx password xxxx ?

New Member

Re: aaa on routers

Hi carl:

Try this:

router(config)#username xxx password xxx

router(config)#aaa new-model

router(config)#aaa authentication login default local

I hope it help (rate if it does)


Alberto Giorgi from spain


Re: aaa on routers

You could add "aaa authorization exec default local", in order to skip the enable password.

New Member

Re: aaa on routers

would i not type aaa new model first ? then do the username and password etc ?, also when setting up a router from default I get username and password anyway even though aaa is not configured, would this be the normal vty password, if so where is the username config?


New Member

Re: aaa on routers

I have found best practice is to change the context of the username/password so I knew when the authentication had gone back to local authentication, ACS, or another tacacs+/Radius box. Also, I have always cleared the AAA configuration before reapplying the new and improved configuration. Make sure you have the correct passwords (enable, vty, console, enable secret, username) before performing this function. Do not save the configuration to memory until you have successfully completed a functional test.

This would be an example of my recommendation use TACACS+ as primary authentication and use local on failover-*Note: I have changed the username prompt to lower case when the process resorts to local username authentication:

username xxxxxxx password yyyyyyyy

no aaa new-model

aaa new-model

aaa authentication password-prompt password:

aaa authentication username-prompt username:

aaa authentication login default group tacacs+ local

aaa authentication login no_tacacs local

aaa authentication login ppp group tacacs+ local

aaa authorization exec default group tacacs+ local

aaa authorization network default group tacacs+ local

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+