891W ISR: Does SSH corrupt passwords?

ValleyITPC
Level 1

Does SSH have some kind of issue with using passwords with special characters or something?  I am working with an 891W.  I have only done the basic config on it using CCP Express so not much is done yet, but I do have enable and enable secret both set the same.  An example password I have is passwprd!PASS! with the only special characters being the ! .  I can log into the router via CCP Express in a web browser, but when I ssh to the router and enter my creds it tells me Access Denied.

It is most likely that I have done nothing of consequence to cause this since, if memory serves, the only thing I did between when SSH worked and now when it doesn't, is edit vty 5 15 and vty 0 4 with "transport input ssh" (thus removing telnet).  I certainly have not changed the password so the one that gets me into CCP Express should work on SSH too.  It is the only username I have ever specified.

Can anybody help?

1 Accepted Solution


cadet alain
VIP Alumni

Hi,

to connect with ssh to a router you need a user/password defined in the router with the username xxx password yyy command and you must have login local configured under the vty line.

Can you do show run | be line vty as well as show run | i user either directly into CLI or with the command window in CCP.

Regards.

Alain

Don't forget to rate helpful posts.

I have much to learn.  Much.  I think I only added vty 0 4 because the Software Config Guide for the 890's sort of implied I should, but I later saw that vty 5 15 was already there by default.  So I compared the two and noticed that "login local" thing.  My vty 0 4 had only "login".  The SCG did not mention this little fact (perhaps the documentation team needs to know?). I guess "local" means a password list local to the router as opposed to some kind of external one or something.  Adding that fixed the problem though.

I've always known that I need to become CCNA to even unbox a Cisco router but this kind of stuff just proves it.  That will take time of course but meanwhile I will need to use this forum frequently I think.  Thank you Alain for your help! 

Hi,

you're welcome.

Yes, login local means use the user/password credentials configured locally on the router. If you want to use credentials stored on a radius/tacacs+ server you would need to configure AAA and either use a default method, and then it will automatically be applied to all lines, or a named method which you can explicitly configure on a line to override the default method.

here is an example:

1) default method which uses radius server and defaults back to local if the server is not responding

  aaa new-model
  aaa authentication login default group radius local
  radius-server host x.x.x.x key XXX

  so nothing to configure under lines

2) named method MY_AUTH using radius and line password if the server is not responding

  aaa new-model
  aaa authentication login MY_AUTH group radius line
  radius-server host x.x.x.x key XXX
  line vty 0 4
   password cisco
   login authentication MY_AUTH

Regards.

Alain.

Don't forget to rate helpful posts.
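
An added example (not part of the thread and not Cisco tooling): a small Python check over a saved running-config that flags the condition diagnosed above, an SSH-enabled vty range with plain "login" instead of "login local", and also a vty line whose "login authentication" name matches no defined "aaa authentication login" list. The config excerpts and finding labels are constructed for illustration.

```python
import re

# Constructed running-config excerpts (assumptions, not the poster's router).
NO_AAA = """\
username admin secret constructed-example
line vty 0 4
 login
 transport input ssh
line vty 5 15
 login local
 transport input ssh
"""
AAA = """\
aaa new-model
aaa authentication login MY_AUTHX group radius line
line vty 0 4
 password cisco
 login authentication MY_AUTH
"""

def vty_blocks(config):
    """Map each 'line vty' range to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"line vty (\d+(?: \d+)?)\s*$", raw)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any other top-level line ends the block
    return blocks

def audit_vty(config):
    """Return (vty range, finding) pairs for login settings that break SSH logins."""
    aaa = re.search(r"^aaa new-model\s*$", config, re.M) is not None
    has_user = re.search(r"^username \S+ ", config, re.M) is not None
    lists = set(re.findall(r"^aaa authentication login (\S+)", config, re.M))
    findings = []
    for rng, cmds in vty_blocks(config).items():
        ssh = any(re.match(r"transport input .*\b(ssh|all)\b", c) for c in cmds)
        login = next((c for c in cmds if c.startswith("login")), "")
        named = re.match(r"login authentication (\S+)", login)
        if named:
            if named.group(1) not in lists:
                findings.append((rng, "undefined-method-list:" + named.group(1)))
        elif ssh and not aaa and login == "login":
            findings.append((rng, "ssh-needs-login-local"))
        elif ssh and not aaa and login == "login local" and not has_user:
            findings.append((rng, "login-local-without-username"))
    return findings
```

Feed it the text of "show run" saved to a file; an empty list means none of these three conditions was found on any vty range.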

I apologize for not replying sooner, sometimes I lose track. Will remember to review this thread soon. Thank you!

Sent from Cisco Technical Support iPad App
