Hello. I have a Catalyst 3750 that I am configuring. I've enabled AAA new-model and configured an aaa authentication group for logging on to the Console and SSH.
When I log on to either (SSH or the Console), I've noticed that, though the switch prompts for a username, simply typing in the enable password will grant me access to the switch. If I type in some random characters for the username and then type in the enable password, it will allow me in.
(Typing in the username and password of a user that is configured on the switch will get me in as well.)
Is there a way to correct this so that a proper username and password are needed to log in, and not just the enable password?
!
! Last configuration change at 22:15:35 EST Fri Apr 15 2011 by l;klj
! NVRAM config last updated at 23:52:25 EST Fri Apr 15 2011 by netadmin
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CORE
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 alksdj;ajkdj
!
username netadmin privilege 15 secret 5 alksdj;ajdj
aaa new-model
!
!
aaa authentication login default local enable
!
!
!
!
!
!
aaa session-id common
clock timezone EST -5 0
switch 1 provision ws-c3750x-24
switch 2 provision ws-c3750x-24
system mtu routing 1500
no ip icmp rate-limit unreachable DF
!
!
!
ip domain-name Domain.local
ip device tracking
login block-for 60 attempts 5 within 30
login on-failure log
!
!
crypto pki trustpoint TP-self-signed-3938373120
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3938373120
 revocation-check none
 rsakeypair TP-self-signed-3938373120
!
!
crypto pki certificate chain TP-self-signed-3938373120
 certificate self-signed 01 nvram:IOS-Self-Sig#2.cer
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
no spanning-tree vlan 1-1005
!
!
!
!
!
!
!
!
!
vlan internal allocation policy ascending
!
ip ssh time-out 90
ip ssh authentication-retries 5
ip ssh version 2
!
!
!
!
!
!
!
<interfaces removed for brevity>
interface Vlan1
 no ip address
!
interface VlanX
 description Management Interface
 ip address 192.168.x.10 255.255.255.0
!
ip default-gateway 192.168.x.1
ip forward-protocol nd
!
ip http server
ip http secure-server
!
!
!
!
!
!
!
!
!
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
!
end
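Added example, not part of the original post: a small Python check that reads an IOS configuration and reports which lines (console, vty) authenticate against a login method list that contains the enable method, as "aaa authentication login default local enable" does in the configuration above. The function names and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed sample: the AAA and line sections of the configuration posted above.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default local enable
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
"""

def parse_login_lists(config):
    """Return {list_name: [methods]} for every 'aaa authentication login' line."""
    lists = {}
    for line in config.splitlines():
        m = re.match(r"aaa authentication login (\S+) (.+)", line.strip())
        if m:
            lists[m.group(1)] = m.group(2).split()
    return lists

def parse_lines(config):
    """Return {line_name: list_name}; a line with no 'login authentication' uses 'default'."""
    lines, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[5:].strip()
            lines[current] = "default"
        elif current and raw.startswith(" "):
            m = re.match(r"login authentication (\S+)", raw.strip())
            if m:
                lines[current] = m.group(1)
        else:
            current = None  # left the line block (for example a '!' separator)
    return lines

def audit(config):
    """List (line, list_name, methods) where the login method list contains 'enable'."""
    lists = parse_login_lists(config)
    return [(line, name, lists[name])
            for line, name in parse_lines(config).items()
            if "enable" in lists.get(name, [])]

if __name__ == "__main__":
    for line, name, methods in audit(SAMPLE_CONFIG):
        print(f"line {line}: list '{name}' = {' '.join(methods)} "
              "-> enable password is a login method")
```

Run against the sample, it reports line con 0, vty 0 4 and vty 5 15, all on the default list; a method list without enable, such as "aaa authentication login default local", produces no findings.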