07-23-2023 01:54 PM
There's a question in the study guide:
Your router is configured as follows:
R1# show run | i aaa|username
aaa new-model
username ENARSI password 0 EXAM
R1# show run | s vty
line vty 0 4
password cisco
transport input all
R1#
Based on the configuration, what will occur when someone uses Telnet to reach the router?
a. Authentication will fail because there is no AAA method list.
b. The user will be required to use the line password cisco.
c. The user will be required to use the username ENARSI with the password EXAM.
d. The user will be granted access either with the username ENARSI with the password EXAM or with the line password cisco.
I answered b.
The answer key points to c. I am confused as I do not see anything in line vty 0 4 which points to AAA authentication. Is this applied by default when aaa new-model is enabled?
07-24-2023 02:35 AM
I added aaa new-model and also a password under line vty.
When I access R1 I use the username/password, not the password added under the vty line.
From the Cisco doc:
All users are authenticated with the Radius server (the first method). If the Radius server does not respond, then the router local database is used (the second method). For local authentication, define the username name and password:
Router(config)#username xxx password yyy
Because the list default in the aaa authentication login command is used, login authentication is automatically applied for all login connections (such as tty, vty, console and aux).
Configure Basic AAA on an Access Server - Cisco
So in the end
it is correct, VTY will use the line password
username ENARSI password 0 EXAM <<- this is called the line password
07-23-2023 02:25 PM
Hi @hfakoor222
That's correct.
"When you remove "AAA new-model", the default method will be "login" under line and not “login local”. This behavior is seen on all Cisco IOS versions."
07-23-2023 03:01 PM
I will check by lab.
07-23-2023 10:32 PM - edited 07-23-2023 10:35 PM
Hello @hfakoor222,
Correct!
The 'aaa new-model' command just activates aaa on your router and nothing more.
Because aaa is activated, the 'login local' command is no longer available on lines (vty/con0).
Because you don't have any more configuration on aaa, the default behavior is to use the local account, even if you have password cisco configured on lines.
07-24-2023 10:12 AM
under line vty 0 4
I had to define
login authentication default
login authentication method1
where I defined method1 as
default local
and so it made local password checking available on vty 0 4 as well as aaa checking
line vty 0 4
login authentication default
login authentication method1
Of course I could've defined both aaa and local under the same method and applied it to the line
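The login-source rules discussed in this thread, written as a small config audit. This is an added example, not part of any post above and not Cisco code; the function name, return labels and the sample config (constructed to mirror the question, with running-config indentation) are assumptions.

```python
import re

def vty_login_source(config):
    """Return which credential source a vty login is checked against."""
    lines = config.splitlines()
    aaa = any(l.strip() == "aaa new-model" for l in lines)
    # Method lists: "aaa authentication login <name> <method> [<method> ...]"
    lists = {}
    for l in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)", l.strip())
        if m:
            lists[m.group(1)] = m.group(2).split()
    # Sub-commands of "line vty" blocks (indented in a running-config).
    # Simplification: all vty ranges are treated as one block.
    vty, in_vty = [], False
    for l in lines:
        if l.startswith("line "):
            in_vty = l.startswith("line vty")
        elif in_vty and l.startswith(" "):
            vty.append(l.strip())
        else:
            in_vty = False
    if not aaa:
        # Legacy model: the line's own login command decides.
        if "no login" in vty:
            return "none"
        if "login local" in vty:
            return "local"
        return "line-password"      # default "login" uses the line password
    applied = "default"
    for cmd in vty:
        m = re.match(r"login authentication (\S+)", cmd)
        if m:
            applied = m.group(1)
    if applied in lists:
        return "aaa:" + " ".join(lists[applied])
    if applied == "default":
        return "local"              # aaa new-model with no method list
    return "undefined-list:" + applied  # flag for manual review

# Constructed sample mirroring the question's configuration.
SAMPLE = """\
aaa new-model
username ENARSI password 0 EXAM
line vty 0 4
 password cisco
 transport input all
"""
```

For the sample it returns "local", so the line password cisco is never consulted; removing aaa new-model from the same text returns "line-password".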