Password upgrades

Kurt Warner
Level 1

I am removing Telnet from my Cisco 2960-X switch and adding SSH.

My old config looked like this:

!
no aaa new-model
enable password 7 xxxxxxxx
!
username administrator privilege 15 password 7 xxxxxxxx
!
line con 0
password 7 xxxxxxxx
stopbits 1
line vty 0 4
password 7 xxxxxxxx
login
line vty 5 15
password 7 xxxxxxxx
login
!
New config looks like this:

aaa new-model
!
username administrator privilege 15 secret 5 xxxxxxxx
enable secret 5 xxxxxxxx
!
line con 0
password ??? <-----------not sure what to put here? Do I need anything here? It won't let me set a secret, only a password
stopbits 1
!
line vty 0 4
transport input ssh
login local
privilege level 15
!
line vty 5 15
transport input ssh
login local
privilege level 15
!
2 Accepted Solutions

Hello,

Since you are enabling AAA, you can just use the "aaa" command to centralize your logins. You won't need a "password" under the VTY lines.

Keep your local UN/Enable credentials. This will use those.

aaa authentication login default local
aaa authentication enable default enable

The default command says use this as the default method for logging into this switch. You can also add TACACS servers to the method list if you decide to implement it.

-David


This is needed for vty (SSH):

aaa authentication login default local
aaa authentication enable default enable

Also, you have not configured a domain or generated a key; this is mandatory for SSH.

For console I recommend using:

line console 0
login
password xxx

This makes the console not check the AAA server.

Lastly, don't wr the config until you are sure you can access by SSH and console.

MHM
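
The points raised in this thread can be checked against a saved copy of the config before Telnet is switched off. This is an added example, not part of either reply and not a Cisco tool: the function names and finding texts are assumptions, and the sample is constructed from the old config in the question, trimmed to one vty block. It reads only the config text, so whether an SSH key has been generated still has to be confirmed on the switch.

```python
import re

# Constructed sample modelled on the old config in the question (placeholders kept).
OLD_CONFIG = """\
no aaa new-model
enable password 7 xxxxxxxx
username administrator privilege 15 password 7 xxxxxxxx
!
line vty 0 4
password 7 xxxxxxxx
login
"""

def parse(config):
    """Split into global commands and 'line' sections (ended by '!' or the next header)."""
    global_cmds, sections, current = [], {}, None
    for raw in config.splitlines():
        cmd = " ".join(raw.split()).lower()   # normalise case and spacing
        if cmd == "!":
            current = None
        elif cmd.startswith("line "):
            current = cmd
            sections[current] = []
        elif cmd and current is not None:
            sections[current].append(cmd)
        elif cmd:
            global_cmds.append(cmd)
    return global_cmds, sections

def audit(config):
    """Return findings that block or weaken a Telnet-to-SSH migration."""
    global_cmds, sections = parse(config)
    findings = []
    for cmd in global_cmds:
        # Report only the first two words so no password hash is echoed.
        if re.match(r"(enable password|username \S+ (.* )?password) ", cmd):
            findings.append("password instead of secret: " + " ".join(cmd.split()[:2]))
    has_list = any(c.startswith("aaa authentication login default ") for c in global_cmds)
    if "aaa new-model" in global_cmds and not has_list:
        findings.append("aaa new-model without 'aaa authentication login default'")
    if not any(re.match(r"ip domain[- ]name ", c) for c in global_cmds):
        findings.append("no ip domain-name (needed before generating the SSH key)")
    for header, cmds in sections.items():
        if header.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append(header + ": transport input not restricted to ssh")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(OLD_CONFIG)))
```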
