AAA configuration on cisco 9300

bilalsheikh77
Level 1

I am trying to configure AAA on a Cisco 9300 switch, but I am lost here.

For line vty I need the local database to be checked (as this stack is not going to be attached to a TACACS+ server).
I have a local enable secret password.

The config below is not working, as it keeps asking for username/password on con 0.

I do have a line con 0 password.

Sample config is as follows.


******************
username admin privilege 15 secret 5 Test123@@
!
enable secret Test123##
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization exec default local
!
line con 0
password 7 Test123@@
line aux 0
line vty 0 4
password 7 Test123@@
line vty 5 15
password 7 Test123@@
!
end
!
wr
!


aaa authentication login default local <<<- you need this command to make the router act as AAA for username/password
!
line vty 0 4
login authentication default <<- if you use different method name then specify.

https://www.cisco.com/c/en/us/td/docs/optical/cpt/r9_3/configuration/guide/cpt93_configuration/cpt93_configuration_chapter_010000.pdf

Check this link for more detail.

NOTE: I double-checked; Cisco prefers not to use AAA for the console. The console is preferred to be local, but for VTY you can use AAA.

I made a small lab for this.
Again, I prefer to configure the console with login and configure a password under it.
the lab 
I use the rotary to decide which VTY I can access.
There are three:
1- login with password under the VTY
2- login using aaa auth and local password (local meaning the username and password configured in global mode)
3- login using aaa auth and line password (line meaning the password configured under the VTY, not in global mode)

Issue with aaa auth and local or line:
let me explain. This fallback depends on the failure of the AAA server and then falls back to local or line, BUT what if there is some bug or issue between the SW and AAA?

The SW still needs to declare the AAA dead before trying local or line,
and that is WHY I prefer login with a password under the VTY.

NOTICE: MY LAB IS FOR VTY, AND AS I MENTIONED, EACH SW OR ROUTER HAS SPECIAL BEHAVIOR WITH CONSOLE AND AAA DEAD
""""FRIEND, BE CAREFUL""""

balaji.bandi
Hall of Fame

If you have not saved the config and you reboot, your config is gone to default.

I do not see the config in the VTY lines as below:

login authentication default

BB

username admin privilege 15 secret 9 Test123@@
!
enable secret Test123##
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization exec default local
!
line con 0
!
line vty 0 4
transport input all
login authentication default
!
line vty 5 15
transport input all
login authentication default
!

My concern is: for the console, use the local line password, and for vty, use the local database.

ammahend
VIP

If you don't want any password for the line console, then use this:

aaa authentication login NO_AUTH none

line console 0

login authentication NO_AUTH

-hope this helps-
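
Added example, not part of any post in this thread: a small Python check that resolves which login method list each line of an "aaa new-model" configuration ends up using. It shows why "line con 0" in the first posted config prompts for a username: the default list applies to every line that has no "login authentication" of its own. The function names, the CONSOLE list name and the password placeholders are assumptions made for the illustration.

```python
import re

USERNAME_FIRST = ("local", "local-case", "group")  # methods that prompt for a username

def effective_login(config):
    """Return {line: (method_list_name, methods)} for an 'aaa new-model' config."""
    lists, lines, current, aaa = {}, {}, None, False
    for text in (raw.strip() for raw in config.splitlines()):
        if text == "aaa new-model":
            aaa = True
        elif m := re.match(r"aaa authentication login (\S+)\s+(.+)", text):
            lists[m.group(1)] = m.group(2).split()
        elif m := re.match(r"line (con|aux|vty)\w* (\d+(?: \d+)?)$", text):
            current = f"{m.group(1)} {m.group(2)}"
            lines[current] = "default"   # implicit unless the line names another list
        elif text in ("!", "end"):
            current = None               # left line configuration mode
        elif current and (m := re.match(r"login authentication (\S+)", text)):
            lines[current] = m.group(1)
    if not aaa:
        return {}                        # legacy per-line login is out of scope here
    return {ln: (name, lists.get(name, [])) for ln, name in lines.items()}

def asks_for_username(methods):
    """Simplification: only the first method in the list decides the prompt."""
    return bool(methods) and methods[0] in USERNAME_FIRST

# Constructed from the first config in the thread; secrets replaced by placeholders.
POSTED = """\
aaa new-model
aaa authentication login default local
line con 0
password <console-password>
line vty 0 4
password <vty-password>
"""
# Hypothetical variant: a named list CONSOLE that checks the line password instead.
SPLIT = """\
aaa new-model
aaa authentication login default local
aaa authentication login CONSOLE line
line con 0
password <console-password>
login authentication CONSOLE
line vty 0 4
password <vty-password>
"""

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("split", SPLIT)):
        for line, (name, methods) in effective_login(cfg).items():
            print(label, line, name, methods, "username:", asks_for_username(methods))
```

A line that reports an empty method list references a list name that the config never defines, which is worth reviewing before the change is saved.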