Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1585
Views
10
Helpful
5
Replies

AAA configuration on cisco 9300

bilalsheikh77
Level 1
Level 1

‎08-11-2022 07:26 AM

I am trying to configure a AAA configuration on cisco 9300 switch. but lost here.

for line vty i need local database to be checked ( as this stack is not going to be attached with tacacs+ server)
I have local enable secret password.

config below is not working as it is keep asking for username/password on con 0

 

I do have line con 0 password

Sample config is as follow .


******************
username admin privilege 15 secret 5 Test123@@
!
enable secret Test123##
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization exec default local
!
line con 0
password 7 Test123@@
line aux 0
line vty 0 4
password 7 Test123@@
line vty 5 15
password 7 Test123@@
!
end
!
wr
!

Labels:
0 Helpful
5 Replies 5

MHM Cisco World
VIP
VIP

‎08-11-2022 07:34 AM - edited ‎08-11-2022 07:43 AM

aaa authentication login default  local<<<- you need this command to make Router as AAA for username/password 
!
line vty 0 4
login authentication default <<- if you use different method name then specify.

https://www.cisco.com/c/en/us/td/docs/optical/cpt/r9_3/configuration/guide/cpt93_configuration/cpt93_configuration_chapter_010000.pdf

check this link for more detail 

NOTE:- I MAKE double check cisco not prefer use AAA for console, console prefer to be local, but for VTY you can use AAA

0 Helpful

MHM Cisco World
VIP
VIP
In response to MHM Cisco World

‎08-11-2022 08:19 AM - edited ‎08-11-2022 05:03 PM

I make small lab for this,
again I prefer config the console with login and config password under it.
FDGFDGDFGDFGDFG.pnghghghghghghg.png
the lab 
I use the rotary to make me decide which VTY I can access,
there are three 
1- login with password under the VTY
2- login using aaa auth and local  password (local meaning the username and password config in global mode)
3- login using aaa auth and line password (line meaning the password config under VTY not in global mode)

Issue with aaa auth and local or line 
let me explain, this fallback depend on the failed of AAA server and fallback to local or line BUT what if some bug or issue between the SW and AAA 

the SW still need to declear the AAA id dead before try local or line 
and that WHY I prefer login with password under the VTY 

NOTEIC:- MY LAB FOR VTY AND AS I MENTION EACH SW OR ROUTER HAVE SPECIAL BEHAVE WITH CONSOLE AND AAA DEAD 
""""FRIEND BE CARFULL""""

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎08-11-2022 07:34 AM

If you have not saved config, you reboot, so your config gone to default.

i do not see config in VTY lines as below :

login authentication default

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

bilalsheikh77
Level 1
Level 1
In response to balaji.bandi

‎08-11-2022 08:09 AM

username admin privilege 15 secret 9 Test123@@
!
enable secret Test123##
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization exec default local
!
line con 0
!
line vty 0 4
transport input all login authentication default
!
line vty 5-15
transport input all
login authentication default
!

 

my concern is for console use the local line password and for vty  use the  local database

0 Helpful

ammahend
VIP
VIP

‎08-11-2022 08:25 AM

if you don't want any password for line console then use this

aaa authentication login NO_AUTH none

line console 0

login authentication NO_AUTH

 

-hope this helps-
Customers Also Viewed These Support Documents