username prompt when telneting to a rtr

Live2 Bicycle
Level 3

When I telnet to a rtr it prompts me for a username then password. Once I got in to the cfg I did a no username and the username listed. I then did a copy run start. From a new telnet session I connected to the rtr again. It still prompted me for a username. What else do I need to do to shut this off? There are NO more usernames listed.


paddyxdoyle
Level 6

Hi,

You need to look at your vty line config and you will probably see:

line vty 0 4

login local

Remove this and add

line vty 0 4

password enter_your_password

login

This should do the trick, also check your console line (line con 0) as it might also have "login local" too.

Rgds

Paddy

The VTY's read

line vty 0

exec-timeout 30 0

password 7 062506324F1E26090005131F050B2438

logging synchronous

line vty 1 4

exec-timeout 30 0

password 7 096F471A1A5538020E1E053E222B2620

logging synchronous

Try adding "login" to both "line vty 0" and "line vty 1 4"?

Do you perhaps have the router configured with something like:

aaa authentication login default group tacacs+

If so, the prompt for user name is not generated locally by the router (which is what the replies so far have assumed) but is generated by a request from the aaa server. If you want to not have the prompt for username, remove the aaa configuration.

HTH

Rick


I do have the router set up for AAA so users can vpn to the router to gain access to local resources. Since I have this, does this mean I will always have a username and password prompt when I telnet to the rtr?

Here is the config

aaa group server radius IAS

server XXX.XXX.XXX.XXX auth-port 1645 acct-port 1646

!

aaa authentication login userauthen group IAS

aaa authorization network groupauthor local

aaa accounting network default start-stop group IAS

aaa session-id common

You will always get this when aaa is enabled and the device is set to authenticate with tacacs/radius. I would recommend keeping the local usernames in the event that your ACS goes down. That way you will still have a login. Hope this helps.

Johny

omarmontes
Level 1

I'm not sure what you want to do:

If you want to be able to telnet to your router without the need of a username do:

line vty 0 4

no login

If you want to deny the access to the vty line you can use:

line vty 0 4

no password

If you want to be asked for a username and password:

line vty 0 4

login local

If you want to be asked only for a password:

line vty 0 4

login

password yourpassword

I think that's it :P

Actually when you have configured aaa authentication, then things like login local do not work any more.

I faced a situation like this at a customer site where we wanted authentication for telnet to work differently than users accessing the router other ways (which would include VPN).

The solution we came up with defines two authentication methods, the default and a local one (which I will call admin). The default uses aaa and tacacs (or in your case radius) and the admin would use local authentication. The config would look something like this.

line con 0

login authentication admin

line vty 0 4

login authentication admin

!

aaa authentication login default group IAS

aaa authentication login admin local

With this config the VPN users would authenticate with radius which would require userID and password while people logging in to the console or to telnet would only be prompted for the normal line password.

HTH

Rick


I was reading through the replies to this post and appreciate how you laid out the vty information.

Would you happen to know what would happen with this configuration?

line vty 0 4

password yourpassword

Without the keyword, login, would someone be prompted for a password? I know vty lines require a password to work, and I believe you need keyword login to get the password prompt...if both are the case, what would happen if login was not configured but password was?

Get access to User Exec without password via telnet?

The configuration you ask about in which the vty ports are configured with a password but without the login command is essentially the configuration that the original poster was asking about.

The behavior you describe of being able to get into user mode without a password if the vty ports did not have login specified was the traditional behavior and is the case now if there is no aaa configured. However when aaa is configured the behavior of the router changes and one of the changes is that the vty ports are treated as if there were a login command even if there is not one in the config. So in the configuration that you ask about where aaa is configured and the vty has a password but no login command then aaa will use the default login authentication method (however that is configured on your router).

HTH

Rick
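
Added example, not part of any reply in this thread and not Cisco code: a small Python audit that reads a running-config excerpt and reports which login prompt each vty line should present, following the rules discussed above (classic `login` / `login local` without AAA, method lists with AAA). The sample config, the `EXAMPLE` password and the function names are constructed for illustration; the mapping assumes the first method in a list decides the prompt, with `line` and `enable` asking for a password only and `local` or a server group asking for a username as well.

```python
import re

# Constructed sample modelled on the thread: AAA is on, only a named list
# ("userauthen") exists, and the vty lines carry a password but no login command.
SAMPLE = """
aaa group server radius IAS
aaa authentication login userauthen group IAS
line vty 0
 password EXAMPLE
line vty 1 4
 password EXAMPLE
"""

def vty_prompts(config):
    """Map each 'line vty' header to the prompt a telnet user should expect."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    # IOS accepts aaa commands only after 'aaa new-model', so any 'aaa ' line is
    # taken to mean AAA is enabled (assumption, for partial excerpts).
    aaa = any(l.startswith("aaa ") for l in lines)
    lists, blocks, current = {}, {}, None
    for l in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)", l)
        if m:
            lists[m.group(1)] = m.group(2).split()
        if l.startswith("line "):
            current = blocks.setdefault(l, []) if l.startswith("line vty") else None
        elif l == "!" or l.startswith("aaa "):
            current = None
        elif current is not None:
            current.append(l)
    return {hdr: _prompt(cmds, aaa, lists) for hdr, cmds in blocks.items()}

def _prompt(cmds, aaa, lists):
    if not aaa:  # classic line authentication
        if "login local" in cmds:
            return "username+password"
        if "login" not in cmds:
            return "none"  # no login command: no prompt, as the thread describes
        has_pw = any(c.startswith("password ") for c in cmds)
        return "password" if has_pw else "refused: no password set"
    name = next((c.split()[2] for c in cmds if c.startswith("login authentication ")), "default")
    # With no default list defined, IOS checks the local user database on vty lines.
    methods = lists.get(name) or (["local"] if name == "default" else None)
    if methods is None:
        return "undefined list"
    if methods[0] == "none":
        return "none"
    return "password" if methods[0] in ("line", "enable") else "username+password"
```

Running `vty_prompts(SAMPLE)` reports a username and password prompt on both vty blocks, because only a named list is defined and the vty lines fall back to the local user database; keep at least one local username before testing changes over telnet.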
