AAA and vty authentication

zillah2004
Level 1

If I have got this configuration:

RouterA#show config

username forum password 0 A34@#

aaa new-model

aaa authentication login LETMEIN local

aaa authentication login TO_CONSOLE group tacacs+ local

line con 0

login authentication TO_CONSOLE

line vty 0 3

password class

login authentication LETMEIN

Based on the configuration shown above, users that telnet into the router are to be authenticated via the AAA line labeled "LETMEIN". This line says that the local user database should be used, so users that enter "forum" as the username, and "A34@#" as the password will be granted access to the router.

What will be the use of the password "class"? Do we need it?

Accepted Solutions

Craig Balfour
Level 1

This password is known as the line password as it is configured on the line interface. In your configuration it is not used at all and can probably be removed.

This password is used as the login password when you are not using "aaa new-model". This password is probably left over from the days before you used AAA for authentication on the device.

If you wanted to, you could add the line password to your aaa authentication line:

aaa authentication login LETMEIN local line

... in which case telnet access would use local usernames and passwords, but if these were unavailable for some reason (perhaps because you forgot to create them or accidentally deleted them), the device could fall back to using the line password for authentication. This is not really that useful, as one mostly uses local as a backup for a network-based authentication source such as tacacs+ in case the tacacs+ server is unreachable via the network, which is far more likely than a problem occurring with your local user accounts.
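
The point made in the answer above, as an added example that is not part of the original thread: a short Python check that resolves which login method list each line uses and reports whether a configured line password is ever consulted. The sample input is the configuration from the question, constructed here with `line vty` and the `login` keyword written out; the function name and result fields are hypothetical, and the parser assumes indented `show running-config` style output.

```python
import re

# Constructed sample: the configuration from the question.
SAMPLE_CONFIG = """\
username forum password 0 A34@#
aaa new-model
aaa authentication login LETMEIN local
aaa authentication login TO_CONSOLE group tacacs+ local
line con 0
 login authentication TO_CONSOLE
line vty 0 3
 password class
 login authentication LETMEIN
"""

def audit_line_passwords(config):
    """Return one finding per line block: method list, methods, password use."""
    aaa_enabled = False
    method_lists = {}            # list name -> ordered authentication methods
    findings, current = [], None
    for raw in config.splitlines():
        text = raw.strip()
        if text == "aaa new-model":
            aaa_enabled = True
        m = re.match(r"aaa authentication login (\S+) (.+)", text)
        if m:                    # keep "group <name>" together as one method
            method_lists[m.group(1)] = re.findall(r"group \S+|\S+", m.group(2))
        if raw.startswith("line "):
            current = {"line": text[5:], "list": "default", "has_password": False}
            findings.append(current)
        elif current and raw.startswith(" "):
            if text.startswith("password "):
                current["has_password"] = True
            m = re.match(r"login authentication (\S+)", text)
            if m:
                current["list"] = m.group(1)
        elif text:
            current = None       # any other top-level command closes the block
    for f in findings:
        f["methods"] = method_lists.get(f["list"], [])
        # Without aaa new-model the line password is the login password;
        # with it, the password is consulted only if the list names "line".
        f["password_used"] = f["has_password"] and (
            not aaa_enabled or "line" in f["methods"])
    return findings
```

For the sample, the `vty 0 3` finding has `methods == ["local"]` and `password_used == False`, which is why the line password can be removed; appending `line` to the LETMEIN list flips it to `True`.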
