08-30-2010 03:18 PM - edited 03-04-2019 09:36 AM
Hello All,
I recently configured a 2921 router for aaa & SSH .... here are the sample configs. followed by the problem encountered.
!
ip domain name mmmove.corp
!
username xxyz privilege 15 password zzyx
!
aaa new-model
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
!
!
line con 0
line aux 0
line vty 0 4
transport input ssh
line vty 5 15
transport input ssh
!
!
crypto key generate rsa modulus 1024 general-keys
!
Here's the problem - I'm getting locked out of the router. The research I completed stated that the local database has to be established prior to any aaa configurations being applied. That order of operation is being followed.
But, once I logout and try to log back in - I get authentication failed!!!!!!
If there something I'm missing here - breaking into the router constantly can't be the solution lol!!!????
My Sincerest Thanks.
08-30-2010 05:31 PM
Hello,
Please try the following:
username "username" password "password"
enable password "enable pass"
aaa new-model
aaa authentication login test local line
line vty 0 4
login authentication test
exit
Hope this helps.
Regards,
NT
08-30-2010 07:40 PM
I will try your modification out Nagaraja ..... Thanks.
Would you also, explain where the faults are in the original post. I would like to know why the original configuration used is not working.
08-30-2010 09:13 PM
Hello,
When you configured "aaa authentication login default local" technically,
even that should work (as per documentation). In fact, I tried again with
the "aaa authentication login default local" and "logging authentication
default" (under the line vty) and it worked with the local username. I guess
it takes some time for it to sync.
Regards,
NT
08-30-2010 10:00 PM
To the original poster: are you sure that it is a problem with authentication failed. I have had experiences that seem similar to yours which actually turned out to be authorization failed rather than authentication failed.
Perhaps you would test again and post the commands entered and the exact error message generated by the router?
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide