07-10-2024 09:30 AM
I am removing Telnet from my Cisco 2960-X switch and adding SSH.
My old config looked like this:
!
no aaa new-model
enable password 7 xxxxxxxx
!
username administrator privilege 15 password 7 xxxxxxxx
!
line con 0
password 7 xxxxxxxx
stopbits 1
line vty 0 4
password 7 xxxxxxxx
login
line vty 5 15
password 7 xxxxxxxx
login
!
New config looks like this:
aaa new-model
!
username administrator privilege 15 secret 5 xxxxxxxx
enable secret 5 xxxxxxxx
!
line con 0
password ??? <----------- Not sure what to put here. Do I need anything here? It won't let me set a secret, only a password.
stopbits 1
!
line vty 0 4
transport input ssh
login local
privilege level 15
!
line vty 5 15
transport input ssh
login local
privilege level 15
!
07-10-2024 09:58 AM
Hello,
Since you are enabling AAA, you can just use the "aaa" command to centralize your logins. You won't need a "password" under the VTY lines.
Keep your local UN/enable credentials. This will use those.
aaa authentication login default local
aaa authentication enable default enable
The default command says to use this as the default method for logging into this switch. You can also add TACACS servers to the method list if you decide to implement it.
-David
07-10-2024 10:15 AM
This is needed for vty (SSH):
aaa authentication login default local
aaa authentication enable default enable
Also, you did not configure a domain or generate a key; this is mandatory for SSH.
For the console I recommend using:
line console 0
login
password xxx
This makes the console not check the AAA server.
Lastly, don't wr the config until you are sure
you can access by SSH and console.
MHM
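An added example, not part of any post in this thread: a small offline check that reads a saved running-config and flags the issues raised above (type 7 passwords, AAA enabled without a login method list, no domain name, vty lines without an explicit SSH-only transport). The `audit` helper, the sample text and the finding wording are assumptions made for illustration, and the input is assumed to be indented as `show running-config` prints it.

```python
import re

# Constructed sample (indented as in "show running-config"): the question's new
# config with one Telnet-era vty block left in place to trigger the checks.
SAMPLE = """\
aaa new-model
username administrator privilege 15 secret 5 xxxxxxxx
enable secret 5 xxxxxxxx
line con 0
 password 7 xxxxxxxx
 stopbits 1
line vty 0 4
 transport input ssh
 login local
line vty 5 15
 password 7 xxxxxxxx
 login
"""

def audit(config):
    """Return sorted findings for an IOS-style config (hypothetical helper)."""
    findings, section, blocks, top = set(), None, {}, []
    for raw in config.splitlines():
        text = raw.strip().lower()
        if not text or text == "!":
            continue
        if text.startswith("line "):          # start of a line (con/vty) block
            section = text
            blocks[section] = []
        elif raw[0].isspace() and section:    # sub-command of the current block
            blocks[section].append(text)
        else:                                 # any other global command
            section = None
            top.append(text)
        if re.search(r"\bpassword 7 ", text):
            findings.add(f"type 7 (reversible) password in {section or 'global config'}")
    if "aaa new-model" in top and not any(
            t.startswith("aaa authentication login ") for t in top):
        findings.add("aaa new-model set but no 'aaa authentication login' method list")
    if not any(re.match(r"ip domain[- ]name ", t) for t in top):
        findings.add("no ip domain-name (a reply above calls domain and key mandatory for SSH)")
    for name, body in blocks.items():
        transport = [b for b in body if b.startswith("transport input")]
        if name.startswith("line vty") and transport != ["transport input ssh"]:
            findings.add(f"{name}: no explicit 'transport input ssh'")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The RSA key itself does not appear in the running-config, so the script can only check for the domain name; confirm the key separately on the switch.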