- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-07-2025 12:48 PM
Hi All,
Have an issue configuring a cisco C8200-1N-4Twith IOS-XE 17.06.06a for local console login with no external servers. I have use the following commands but still can not authenticate.
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization network default local
username WMS-RTR-Admin privilege 15 password 7 10631F1811001C5F0E4C1E0907113B270653
enable secret 9 $9$nQo1zgfAtxeaDE$rPXZbytNTplMq95VmA1stMSWYFJ4It2d8O6UYRzdUVI
Can't see what I'm doing wrong, please point me in the right direction.
Thank you
Solved! Go to Solution.
- Labels:
-
Unified Communications
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-08-2025 05:24 AM
OK, so by default this command is written.
What is the symptom when you try to connect via console port ?
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-08-2025 07:19 AM
With aaa authentication login default added to the global configuration, I am prompted for a used name and password. The login attempt fails every time. I have bypassed the configuration to verify/change the password but the same results.
Without aaa authentication login default added to the global configuration, the router does not prompt for a username just the enable security password.
I have used the options of local and line and even none but still can't login with aaa authentication login default added to the global configuration.
This router( C8200-1N-4T ) is at IOS version 17.6.6a, this router is new to me. In the process of replacing a 2921 router.
Thank you for responding
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-07-2025 01:00 PM
Hello @dflowers
Add this under line con 0:
login authentication default
Please share line con 0 config.
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-07-2025 01:05 PM
Hello I added that statement but still was not successful, I will add it back to the configuration. When I do add that statement back into the configuration, it does not appear when I do show config
line con 0
exec-timeout 0 0
stopbits 1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-08-2025 05:24 AM
OK, so by default this command is written.
What is the symptom when you try to connect via console port ?
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-08-2025 07:19 AM
With aaa authentication login default added to the global configuration, I am prompted for a used name and password. The login attempt fails every time. I have bypassed the configuration to verify/change the password but the same results.
Without aaa authentication login default added to the global configuration, the router does not prompt for a username just the enable security password.
I have used the options of local and line and even none but still can't login with aaa authentication login default added to the global configuration.
This router( C8200-1N-4T ) is at IOS version 17.6.6a, this router is new to me. In the process of replacing a 2921 router.
Thank you for responding
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-08-2025 02:53 AM
Hello @dflowers,
the config snipet you posted looks good, nothing obviously wrong.
Are you prompted for username/password repeatedly when you try to connect via console?
Can you ssh into your device?
If yes, then open a terminal via ssh and enter the commands "terminal monitor", "debug aaa authentication" and "debug aaa authorization" in privileged mode. Try to login via console and post the debug output.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-08-2025 06:56 AM
Add
Login authc defualt
Exec authz defualt
Under console and check
MHM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-08-2025 07:06 AM
Login authentication default when entered does reflect under the console line 0
Exec authentication does not appear to be a valid command.
This cisco C8200-1N-4T does not response to the command strings, all new to me.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-08-2025 07:12 AM
authorization exec default <<- correct command' add it under console
Try Use show run all to see command add under console
MHM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-08-2025 07:29 AM
UURWASR010#config t
Enter configuration commands, one per line. End with CNTL/Z.
UURWASR010(config)#aaa authorization console
UURWASR010(config)#line console 0
UURWASR010(config-line)#authorization exec default
UURWASR010(config-line)#
UURWASR010#wr
Building configuration...
>From line Console 0 :
line con 0
motd-banner
exec-banner
exec-timeout 0 0
timeout login response 30
privilege level 1
flush-at-activation
activation-character 13
logout-warning 20
absolute-timeout 0
data-character-bits 8
exec-character-bits 7
special-character-bits 7
domain-lookup
exec
length 24
width 80
history size 10
history
editing
monitor
escape-character soft DEFAULT
escape-character DEFAULT
autohangup session-timeout
databits 8
stopbits 1
start-character 17
stop-character 19
speed 9600
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-08-2025 12:01 PM
It seems to me that there are two possible issues here: 1) problem with authentication 2) problem with authorization. I strongly suspect that the issue is about authorization. So my suggestion is to remove the authorization commands (leaving only the authentication command). If you are then able to login, then we know to focus on authorization configuration. If it still does not work then we can focus on the authentication commands.
Rick
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-08-2025 12:14 PM
Will do and post the results
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-08-2025 12:18 PM
Did you have a chance to collect the debug output as suggested above?
In case that you are not familiar with debug commands, then this is what you need to do:
- Enter priviledged mode
- Enter the command "terminal monitor". This is needed for remote sessions to see the log and debug messages
- Enter the command "debug aaa authentication"
- Enter the command "debug aaa authorization"
- Try to log in via console
- Enter the command "undebug all" to stop debugging
- Post the output of the debug messages
Based on the output we should be able to narrow down what is going on.
HTH!
