https://community.cisco.com/t5/network-access-control/aaa-and-vty-authentication/m-p/735877#M421049 <HTML><HEAD></HEAD><BODY><P>This password is known as the line password as it is configured on the line interface. In your configuration it is not used at all and can probably be removed. </P><P></P><P>This password is used as the login password when you are not using "aaa new-model". This password is probably left over from the days before you used AAA for authentication on the device.</P><P></P><P>If you wanted to you could add the line password to your aaa authentication line:</P><P></P><P>aaa authentication login LETMEIN local line</P><P></P><P>... in which case, telnet access would use local usernames and passwords but if these were unavailable for some reason (perhaps because you forgot to create them or accidentally deleted them) the device could fall back to using the line password for authentication. This is not really that useful as one mostly uses local as a backup for a network-based authentication source such as tacacs+ in case the tacacs+ server is unreachable via the network which is far more likely than a problem occurring with your local user accounts. </P></BODY></HTML> Sat, 14 Apr 2007 16:04:38 GMT Craig Balfour 2007-04-14T16:04:38Z https://community.cisco.com/t5/network-access-control/aaa-and-vty-authentication/m-p/735876#M421048 <P>If i have got this configuration :</P><P></P><P>RouterA#show config</P><P>username forum password 0 A34@#</P><P>aaa new-model</P><P>aaa authentication login LETMEIN local</P><P>aaa authentication TO_CONSOLE group tacacs+ local</P><P></P><P></P><P></P><P></P><P> line con 0</P><P> login authentication TO_CONSOLE</P><P></P><P> line vtu 0 3</P><P> password class</P><P> login authentication LETMEIN</P><P></P><P>Based on the configuration shown above, users that telnet into the router are to be authenticated via the AAA line labeled "LETMEIN". This line says that the local user database should be used, so users that enter "forum" as the username, and "A34@#" as the password will be granted access to the router.</P><P></P><P>What will be the use of the password : " class" , Do we need it?</P><P></P><P></P> Sun, 10 Mar 2019 22:05:46 GMT https://community.cisco.com/t5/network-access-control/aaa-and-vty-authentication/m-p/735876#M421048 zillah2004 2019-03-10T22:05:46Z https://community.cisco.com/t5/network-access-control/aaa-and-vty-authentication/m-p/735877#M421049 <HTML><HEAD></HEAD><BODY><P>This password is known as the line password as it is configured on the line interface. In your configuration it is not used at all and can probably be removed. </P><P></P><P>This password is used as the login password when you are not using "aaa new-model". This password is probably left over from the days before you used AAA for authentication on the device.</P><P></P><P>If you wanted to you could add the line password to your aaa authentication line:</P><P></P><P>aaa authentication login LETMEIN local line</P><P></P><P>... in which case, telnet access would use local usernames and passwords but if these were unavailable for some reason (perhaps because you forgot to create them or accidentally deleted them) the device could fall back to using the line password for authentication. This is not really that useful as one mostly uses local as a backup for a network-based authentication source such as tacacs+ in case the tacacs+ server is unreachable via the network which is far more likely than a problem occurring with your local user accounts. </P></BODY></HTML> Sat, 14 Apr 2007 16:04:38 GMT https://community.cisco.com/t5/network-access-control/aaa-and-vty-authentication/m-p/735877#M421049 Craig Balfour 2007-04-14T16:04:38Z