Cisco Support Community

2600 router: struggling with AAA and user account setup

I'm using SDM to set up an Easy VPN connection and, being a newbie, I'm struggling with AAA and the creation of the user account needed. The SDM wizard said I had to have AAA enabled and a user account. I found this Cisco doc using Google:

http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfathen.html#wp1000971

and following the instructions I entered these commands into the CLI:

router(config)#aaa new-model

router(config)#aaa authentication login default local

but my normal login and username and password won't work in the CLI once I've done this. I have to power down the router and restart it to get control back.

To be honest, I found the Cisco instructions really hard going. I don't understand the RADIUS, Kerberos, TACACS method-list stuff, so I wondered if there were any simple instructions out there to set up the user account necessary to proceed with the Easy VPN wizard in SDM.

Thanks for any pointers.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: 2600 router: struggling with AAA and user account setup

Hello Anthony,

Once you enable aaa new-model, all previous authentication mechanisms applied to lines become invalid. That's why you should do one of the following:

Do not issue "aaa authentication login default local", or, if you are forced to by SDM, either create a username for yourself with high priv (because that command will affect console or VTY lines whose authentication is left at default, and they will ask for a username and password whenever you log in), or create a list which has "none" as a method and apply it to the console line to ignore console authentication.

username anthony priv 15 password xxxx

Once you enter a username as above, you can log in via console with that username and pass if "aaa authentication login default local" is issued.

RADIUS and TACACS methods are servers that have the ability to contain usernames with more advanced configurations. For simple authentication you can use local authentication; that's why you don't have to mess with RADIUS or TACACS at the moment.

Regards
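
A pre-change check for the lockout discussed in this thread, added here as an example and not part of any post or of Cisco's tooling: it reads a saved running-config and reports the lines whose effective login method list is `local` while no `username` exists. The function name, the `CONSOLE` list name and both sample configs are constructed for illustration, and the parser assumes sub-commands are indented as in `show running-config` output.

```python
import re

def login_lockout_risks(config):
    """Return line names (e.g. 'con 0') whose login list is 'local' with no users."""
    aaa_enabled = has_user = False
    method_lists = {}   # method-list name -> list of methods
    line_uses = {}      # line name -> method-list name it authenticates with
    current = None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if not raw.startswith(" "):
            current = None          # a global command ends line sub-mode
        if text == "aaa new-model":
            aaa_enabled = True
        elif text.startswith("username "):
            has_user = True
        elif m := re.match(r"aaa authentication login (\S+) (.+)", text):
            method_lists[m.group(1)] = m.group(2).split()
        elif m := re.match(r"line (con|aux|vty) (.+)", text):
            current = f"{m.group(1)} {m.group(2)}"
            line_uses[current] = "default"   # used unless overridden below
        elif current and (m := re.match(r"login authentication (\S+)", text)):
            line_uses[current] = m.group(1)
    if not aaa_enabled:
        return []
    # Simplification: only a list whose sole method is 'local' is checked.
    return [line for line, name in line_uses.items()
            if method_lists.get(name) == ["local"] and not has_user]

# Constructed sample: the two commands from the question, no local user.
BEFORE = """\
aaa new-model
aaa authentication login default local
line con 0
line vty 0 4
 password xxxx
"""

# Constructed sample: both options from the accepted answer applied.
AFTER = """\
username anthony privilege 15 password xxxx
aaa new-model
aaa authentication login default local
aaa authentication login CONSOLE none
line con 0
 login authentication CONSOLE
line vty 0 4
"""

if __name__ == "__main__":
    print("before:", login_lockout_risks(BEFORE))
    print("after: ", login_lockout_risks(AFTER))
```

A `none` list removes authentication from the console entirely, so it only suits a router whose console port is physically controlled.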

2 REPLIES

Re: 2600 router: struggling with AAA and user account setup

Thanks for your response, it helped me get past this barrier.
