Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

login problems

I am having some trouble with my login.

When I console into the switch I want to be promped for a user name and password which it does perfectly I get the router> then I type  enable. Works exactally as I want it.

I want it to do the same when I telnet in but it just goes stright to the router#

Can some one tell me what I have to change to get it to behave like username , password router> on telnet

conf t

service password-encryption

username admin priv 15 secret xxxx

username support priv 15 secret xxxx

!

aaa new-model

!

aaa authentication login default

!

!

aaa session-id common

ip http server

ip http authentication local

!

ip access-list standard snmp_acl

permit 192.168.12.1

!

!

snmp-server community ABC-RO RO snmp_acl

!

line vty 0 4

privilege level 15

login authentication default

exit

Everyone's tags (2)
12 REPLIES
Purple

login problems

hi,

Just remove the command privilege level 15 under the vty line.

Regards.

Alain.

Don't forget to rate helpful posts.
New Member

Re: login problems

whan i remove that and log in I get

Switch>enable

% Error in authentication

New Member

Re: login problems

That is happening because your users have a priviledge level of 15. Create a user with a priviledge level of 1 for Telnet.

New Member

Re: login problems

Yes, remove the "privilege level 15 under the vty line" and change this line "aaa authentication login default" to "aaa authentication login default local" and of course create a user with a priviledge level of less than 15.

New Member

Re: login problems

Did that still takes me to the router#

I want router>

Sent from my iPhone

VIP Purple

Re: login problems

make this config:

line vty 0 4

password darren849

Login local

exit

Please rate , if it helps.

Regards

New Member

login problems

did that and now get the router> but cant type enable or get error

Switch>enable

% Error in authentication

Hall of Fame Super Gold

Re: login problems

That symptom usually means that there is no enable password or enable secret configured. The console will go go to enable mode without the enable password or enable secret but the vty require that it be configured. Can you confirm whether there is any enable password or enable secret configured?

It would probably help us see what is going on if you would post the entire configuration of aaa (or better yet just post the entire config).

HTH

Rick

New Member

login problems

I have a factory default 2960 and I past this into it, I have one vlan set up and one switch port so I can telnet in to the switch.

What I dont get is when I go in through the console I get prompted for a  user name and password

then I get  router>    now I type ....enable then takes be directall to the Router#  This is exactly how I want it.

I want it to do the same for the VTY ( Telnet) but it will not

I get promped for a user name and password then it goes directally to router#

I want it to go to router>

conf t

service password-encryption

username support priv 15 secret xxxx

username admin priv 15 secret xxxxxx

!

aaa new-model

!

aaa authentication login default local enable

!

!

aaa session-id common

ip http server

ip http authentication local

!

ip access-list standard snmp_acl

permit 141.11.4.104

!

!

snmp-server community ABC-RO RO snmp_acl

!

line vty 0 15

privilege level 15

login authentication default

exit

exit

wr mem

New Member

login problems

If I go change the VTY 0 4 Privilege level from 15 it goes directally to the Router# after the user name and password

If I change the VTY 0 4 Privilege level to 0,1,or 2  I get prompted for user name and password and go to the Router>

when I type enable from here I get % Error in Authentication

Hall of Fame Super Gold

login problems

Based on what you have posted I would say that you are experiencing normal behavior of IOS. You have not configured either enable password or enable secret so there is no password protecting enable mode. By default on the console it will go into enable mode with no password for enable. And by default the vty will fail to go to enable when there is no password.

So you can not have the vty to behave exactly as the console does. You can either configure a password to protect enable and then enter the password at the enable prompt for the vty. Or you can configure the vty to go directly to enable mode. If you want people to go to enable mode without a password then I do not understand the logic of wanting to force them to type enable. Why not take them directly to enable?

HTH

Rick

New Member

login problems

I am the only person who will be using the router. I am the only support ( scarry). When I telnet in I want to get to the Router>  

If I need to do any task at the Router> prompt I am going to have to go to the physical switch and plug in a console port.

There may be a time when I need to telnet in and get to the Router> prompt

725
Views
0
Helpful
12
Replies
CreatePlease to create content