Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
837
Views
1
Helpful
12
Replies

Console Local Login with aaa new-model issue

Go to solution
dflowers
Level 1
Level 1

‎05-07-2025 12:48 PM

Hi All,

Have an issue configuring a cisco C8200-1N-4Twith IOS-XE 17.06.06a for local console login with no external servers. I have use the following commands but still can not authenticate. 

aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization network default local

username WMS-RTR-Admin privilege 15 password 7 10631F1811001C5F0E4C1E0907113B270653

enable secret 9 $9$nQo1zgfAtxeaDE$rPXZbytNTplMq95VmA1stMSWYFJ4It2d8O6UYRzdUVI

Can't see what I'm doing wrong, please point me in the right direction.

Thank you

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
M02@rt37
VIP
VIP
In response to dflowers

‎05-08-2025 05:24 AM

OK, so by default this command is written.

What is the symptom when you try to connect via console port ?

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

0 Helpful

Go to solution
dflowers
Level 1
Level 1
In response to M02@rt37

‎05-08-2025 07:19 AM

Hi M02@rt37,
With aaa authentication login default added to the global configuration, I am prompted for a used name and password. The login attempt fails every time. I have bypassed the configuration to verify/change the password but the same results.
Without aaa authentication login default added to the global configuration, the router does not prompt for a username just the enable security password.
I have used the options of local and line and even none but still can't login with aaa authentication login default added to the global configuration.
This router( C8200-1N-4T ) is at IOS version 17.6.6a, this router is new to me. In the process of replacing a 2921 router.
Thank you for responding

View solution in original post

0 Helpful
12 Replies 12

Go to solution
M02@rt37
VIP
VIP

‎05-07-2025 01:00 PM

Hello @dflowers 

Add this under line con 0:

login authentication default

Please share line con 0 config. 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
dflowers
Level 1
Level 1

‎05-07-2025 01:05 PM

Hello I added that statement but still was not successful, I will add it back to the configuration. When I do add that statement back into the configuration, it does not appear when I do show config 

line con 0
exec-timeout 0 0
stopbits 1

0 Helpful

Go to solution
M02@rt37
VIP
VIP
In response to dflowers

‎05-08-2025 05:24 AM

OK, so by default this command is written.

What is the symptom when you try to connect via console port ?

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
dflowers
Level 1
Level 1
In response to M02@rt37

‎05-08-2025 07:19 AM

Hi M02@rt37,
With aaa authentication login default added to the global configuration, I am prompted for a used name and password. The login attempt fails every time. I have bypassed the configuration to verify/change the password but the same results.
Without aaa authentication login default added to the global configuration, the router does not prompt for a username just the enable security password.
I have used the options of local and line and even none but still can't login with aaa authentication login default added to the global configuration.
This router( C8200-1N-4T ) is at IOS version 17.6.6a, this router is new to me. In the process of replacing a 2921 router.
Thank you for responding
0 Helpful

Go to solution
Jens Albrecht
Level 1
Level 1

‎05-08-2025 02:53 AM

Hello @dflowers,

the config snipet you posted looks good, nothing obviously wrong.

Are you prompted for username/password repeatedly when you try to connect via console?

Can you ssh into your device?
If yes, then open a terminal via ssh and enter the commands "terminal monitor", "debug aaa authentication" and "debug aaa authorization" in privileged mode. Try to login via console and post the debug output.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎05-08-2025 06:56 AM

Add 

Login authc defualt 

Exec authz defualt 

Under console and check 

MHM

0 Helpful

Go to solution
dflowers
Level 1
Level 1
In response to MHM Cisco World

‎05-08-2025 07:06 AM

Hi HM Cisco World,
Login authentication default when entered does reflect under the console line 0
Exec authentication does not appear to be a valid command.
This cisco C8200-1N-4T does not response to the command strings, all new to me.
0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to dflowers

‎05-08-2025 07:12 AM

authorization exec default <<- correct command' add it under console 

Try Use show run all to see command add under console 

MHM

0 Helpful

Go to solution
dflowers
Level 1
Level 1
In response to MHM Cisco World

‎05-08-2025 07:29 AM

Hi, entered command as you described but with same results.

UURWASR010#config t
Enter configuration commands, one per line. End with CNTL/Z.
UURWASR010(config)#aaa authorization console
UURWASR010(config)#line console 0
UURWASR010(config-line)#authorization exec default
UURWASR010(config-line)#
UURWASR010#wr
Building configuration...
>From line Console 0 :
line con 0
motd-banner
exec-banner
exec-timeout 0 0
timeout login response 30
privilege level 1
flush-at-activation
activation-character 13
logout-warning 20
absolute-timeout 0
data-character-bits 8
exec-character-bits 7
special-character-bits 7
domain-lookup
exec
length 24
width 80
history size 10
history
editing
monitor
escape-character soft DEFAULT
escape-character DEFAULT
autohangup session-timeout
databits 8
stopbits 1
start-character 17
stop-character 19
speed 9600
0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to dflowers

‎05-08-2025 12:01 PM

It seems to me that there are two possible issues here: 1) problem with authentication 2) problem with authorization. I strongly suspect that the issue is about authorization. So my suggestion is to remove the authorization commands (leaving only the authentication command). If you are then able to login, then we know to focus on authorization configuration. If it still does not work then we can focus on the authentication commands.

HTH

Rick

Go to solution
dflowers
Level 1
Level 1
In response to Richard Burts

‎05-08-2025 12:14 PM

Thank you, Mr. Burts
Will do and post the results
0 Helpful

Go to solution
Jens Albrecht
Level 1
Level 1

‎05-08-2025 12:18 PM

Did you have a chance to collect the debug output as suggested above?

In case that you are not familiar with debug commands, then this is what you need to do:

  • Enter priviledged mode
  • Enter the command "terminal monitor". This is needed for remote sessions to see the log and debug messages
  • Enter the command "debug aaa authentication"
  • Enter the command "debug aaa authorization"
  • Try to log in via console
  • Enter the command "undebug all" to stop debugging
  • Post the output of the debug messages

Based on the output we should be able to narrow down what is going on.

HTH!

0 Helpful
Customers Also Viewed These Support Documents
Top