04-14-2007 01:13 AM - edited 03-10-2019 03:05 PM
If i have got this configuration :
RouterA#show config
username forum password 0 A34@#
aaa new-model
aaa authentication login LETMEIN local
aaa authentication TO_CONSOLE group tacacs+ local
line con 0
login authentication TO_CONSOLE
line vtu 0 3
password class
login authentication LETMEIN
Based on the configuration shown above, users that telnet into the router are to be authenticated via the AAA line labeled "LETMEIN". This line says that the local user database should be used, so users that enter "forum" as the username, and "A34@#" as the password will be granted access to the router.
What will be the use of the password : " class" , Do we need it?
Solved! Go to Solution.
04-14-2007 09:04 AM
This password is known as the line password as it is configured on the line interface. In your configuration it is not used at all and can probably be removed.
This password is used as the login password when you are not using "aaa new-model". This password is probably left over from the days before you used AAA for authentication on the device.
If you wanted to you could add the line password to your aaa authentication line:
aaa authentication login LETMEIN local line
... in which case, telnet access would use local usernames and passwords but if these were unavailable for some reason (perhaps because you forgot to create them or accidentally deleted them) the device could fall back to using the line password for authentication. This is not really that useful as one mostly uses local as a backup for a network-based authentication source such as tacacs+ in case the tacacs+ server is unreachable via the network which is far more likely than a problem occurring with your local user accounts.
04-14-2007 09:04 AM
This password is known as the line password as it is configured on the line interface. In your configuration it is not used at all and can probably be removed.
This password is used as the login password when you are not using "aaa new-model". This password is probably left over from the days before you used AAA for authentication on the device.
If you wanted to you could add the line password to your aaa authentication line:
aaa authentication login LETMEIN local line
... in which case, telnet access would use local usernames and passwords but if these were unavailable for some reason (perhaps because you forgot to create them or accidentally deleted them) the device could fall back to using the line password for authentication. This is not really that useful as one mostly uses local as a backup for a network-based authentication source such as tacacs+ in case the tacacs+ server is unreachable via the network which is far more likely than a problem occurring with your local user accounts.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: