02-24-2014 01:10 PM - edited 03-11-2019 08:49 PM
Hi everyone,
I can login to ASA fine via ssh.
When i console in it straight away gives me prompt
asa>
now when i press en
it ask for username and password but does not take it what i type.
Need to confirm
aaa authentication enable console DCNetwork LOCAL************************************is this enablle password config of ASA?
aaa authentication serial console LOCAL****************************console connection authen of asa?
i try to change the enable password via command
enable password but still no luck
Regards
MAhesh
Solved! Go to Solution.
02-24-2014 01:31 PM
Mahesh
Can you tell us what is the reference to DCNetwork in the aaa authentication command? It looks like it might be a reference to some authentication server (Radius or something). In that case it will attempt to authenticate enable access using that authentication server - which would be consistent with getting a prompt for username and password when you enter the enable command.
My guess is that when you use the command to change the enable password that you are indeed changing the configured password on the ASA but that it is using the authentication server to authenticate enable access.
HTH
Rick
02-24-2014 07:19 PM
Mahesh,
Rick seems to have hit the nail on the head. The aaa authentication that you're using is trying to authenticate against the backend radius server for you to be able to use the enable prompt.
Personally, if you want to just use the local enable password, you can remove the aaa authentication enable line altogether and use the local enable password on the appliance. Make sure that you have one "enable password
HTH,
John
*** Please rate all useful posts ***
02-24-2014 01:31 PM
Mahesh
Can you tell us what is the reference to DCNetwork in the aaa authentication command? It looks like it might be a reference to some authentication server (Radius or something). In that case it will attempt to authenticate enable access using that authentication server - which would be consistent with getting a prompt for username and password when you enter the enable command.
My guess is that when you use the command to change the enable password that you are indeed changing the configured password on the ASA but that it is using the authentication server to authenticate enable access.
HTH
Rick
02-24-2014 02:10 PM
Hi Rick,
DCNetwork in the aaa authentication command refer to the authen server radius.
When i remove the command --aaa authentication serial console LOCAL
then when i console in it take me straight to hostname and propmt and when i enter en then it ask me for username and
password and thats the radius authen that it uses.
So you are right in this case enable access uses the radius auth server.
so my question remains if i config the command
aaa authentication serial console LOCAL
then if i console in and want to use the enable password i need to change
aaa authentication enable console DCNetwork LOCAL to
aaa authentication enable console LOCAL ???????
This change will not impact ssh access for enable pasword right?
Regards
MAhesh
02-24-2014 07:19 PM
Mahesh,
Rick seems to have hit the nail on the head. The aaa authentication that you're using is trying to authenticate against the backend radius server for you to be able to use the enable prompt.
Personally, if you want to just use the local enable password, you can remove the aaa authentication enable line altogether and use the local enable password on the appliance. Make sure that you have one "enable password
HTH,
John
*** Please rate all useful posts ***
02-24-2014 08:22 PM
Hi Rick & John,
I got it now.Took little longer to understand but ok now.
Best regards
Mahesh
02-24-2014 09:19 PM
Can you provied me your total sh run file so may i can helo you that where is problem
you need to remove AAA or acl base AAA from console as well form vty mode
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide