SSH Access to the ACS 5.1

sidcracker (Level 1)

Is there any requirement to install certificates on the ACS if authentication is performed from an SSH client?

I am getting the below messages when I access from an SSH client:

1. Bind i/f

2. Pick method list default

and then it just fails to authenticate. This works well with telnet.

Thanks

32 Replies

I did

Sent from my iPhone

I did configure that, but when I ran show run, I could find the list in the line vty.

Another thing is that in the logs it says bind I/f. Not sure what that means.

Is this some known bug?

Sent from my iPhone

Hi Sid,

I see that you have used the default list for login, so it will apply to all the lines, i.e. console, vty and auxiliary.

Did you generate an RSA key pair for SSH?

The following link gives details on how to configure SSH on the router or switch:

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

Regards,

Anisha

P.S.: please mark this thread as resolved if you think your query is resolved.

The router is fully functional, just that AAA is not authenticating with ACS. It's very weird that the same config is working for the switch but not for the router.

I am wondering if any other config is required for the router.

It's not even going beyond finding the default list to be applied.

Sent from my iPhone

Hi Sid,

I am including the basic configuration required on a router for SSH or telnet:

To enable telnet and ssh access on the router
_____________________________________________

! hostname and domain name must be set before the RSA key is generated
hostname abc
! used for key generation
ip domain-name <domain>
username <name> password <password>
crypto key generate rsa modulus 1024
line vty 0 4
 transport input telnet ssh
 transport output telnet ssh
 login local

Also please let me know if the test authentication is working from troublesome router or not.

Regards,

Anisha

Hi anisha,

You have given him the wrong set of commands for AAA.


The commands to be given on the router:

ip domain-name <domain>
crypto key generate rsa modulus 1024
line vty 0 4
 login authentication default
 authorization exec default
 ! command authorization takes the privilege level it applies to
 authorization commands <level> default
 transport input ssh telnet

thanks

nitesh

sid,

Just share the running configuration of AAA, line vty and SSH that you have done on the router. That's best.

There is no change in the commands between switch and router; they remain the same. So that could not be the case.

Maybe the router might not be taking the default method list; just apply it manually again on the router under line console and vty.

Thanks

Ok, I will try that. I can't access the router now. Will have to do it in the morning.

Thanks anyhow for the help

Sent from my iPhone

Hi Nitesh,

Thanks for pointing that out. There is no need to apply the commands mentioned below, as default will apply to all 3 interfaces.

login authentication default

authorization exec default

authorization commands <level> default

Also default method list is being picked as per debugs.

Sid, please do not key the command "login local" in line vty. Please check the configuration and let us know.
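A quick text audit of a running-config for the points raised so far in this thread (default AAA list present, "login local" left on the vty lines, domain name for key generation, ssh allowed on transport input), added here as an example; it is not any poster's code, and the sample config it checks is constructed.

```python
"""Audit a Cisco IOS running-config for the SSH/AAA pitfalls raised in this thread.
Added example, not from the thread. Heuristic text checks: SSH key generation needs
a domain name; with aaa new-model the vty lines need 'login authentication <list>'
(not 'login local'); and 'transport input' on the vty lines must allow ssh."""
import re
# Constructed sample config reproducing the mistakes discussed in the thread.
SAMPLE_CONFIG = """\
hostname abc
aaa new-model
aaa authentication login default group tacacs+ local
!
line vty 0 4
 transport input telnet
 login local
"""

def parse_sections(config):
    """Return (global_lines, {section_header: [indented child lines]})."""
    global_lines, sections, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if line.startswith(" ") and current is not None:
            sections.setdefault(current, []).append(line.strip())
        elif not line.startswith(" "):
            current = line if line.startswith("line ") else None
            global_lines.append(line)
    return global_lines, sections

def audit_ssh_aaa(config):
    """Return a list of finding strings; an empty list means nothing was flagged."""
    global_lines, sections = parse_sections(config)
    has = lambda pattern: any(re.match(pattern, g) for g in global_lines)
    findings = []
    if not has(r"aaa new-model$"):
        findings.append("aaa new-model missing: vty 'login authentication' lists cannot be used")
    if not has(r"aaa authentication login default "):
        findings.append("no 'aaa authentication login default' list for the vty lines")
    if not has(r"ip domain[- ]name \S+"):
        findings.append("ip domain-name missing: RSA key generation for SSH will fail")
    for header, lines in sections.items():
        if not header.startswith("line vty"):
            continue
        if "login local" in lines:
            findings.append(f"{header}: 'login local' set; use 'login authentication <list>' with AAA")
        transports = [l for l in lines if l.startswith("transport input")]
        if transports and not any(re.search(r"\b(ssh|all)\b", t) for t in transports):
            findings.append(f"{header}: transport input does not allow ssh")
    return findings
```

Run audit_ssh_aaa() over the output of "show running-config" pasted into a string; each returned line is one thing to fix.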

Yes, I know, but I think the router might not be getting accessed from the ACS server, so I have asked him to see if the AAA username and password are getting authenticated or not.

If the username and password get authenticated, we can rule out the communication between ACS and client as happening properly. Then we have to look at the router configuration only.

Nitesh Saxena

CCIE Security

Local authentication is working fine. All the commands you mentioned are there.

Sent from my iPhone

Hi sid,

Please try this command and tell us the output that comes up on the screen:

test aaa group tacacs+ <username> <password> legacy

and see the response you are getting.

Thanks

sid,

Please try

test aaa group tacacs+ <username> <password> legacy (just check the syntax; this is the syntax if I am right, and if I am wrong, just do ? and see what it's asking for)

This will let us know if the ACS server is getting contacted properly or not.

Thanks

Nitesh Saxena

I will let you know the output tomorrow. Thanks for providing the commands

Thanks

Hi Sid,

Any updates? Did you try the test command?

Regards,

Anisha