
AAA not working for telnet or SSH, works for HTTP - Cat 3750G

OldGreyBeast
Level 1

I know it's old, but I've got 2 48p Catalyst 3750Gs running IOS 15.  I've set up SSH on Cat switches before without issue, but for some reason this one is just being super resistant.  I can log in with my user account to the HTTP interface without any issues, but it says login failed for both SSH and telnet.  I've generated the RSA keys and whatnot, PuTTY connects just fine, it just always says that authentication failed.  It does this with both accounts I've added.  Both accounts work fine on HTTP.

 

version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname house-cat3750G
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 [redacted]
!
username [redacted] secret 5 [redacted]
username [redacted] secret 5 [redacted]
aaa new-model
!
!
aaa authorization exec default local
!
!
aaa session-id common
clock timezone UTC -6 0
clock summer-time UTC recurring
switch 1 provision ws-c3750g-48ps
system mtu routing 1500
ip domain-name DOMAIN.com
!
!
!
[interface/crypto key configs removed to save space]

!
interface Vlan99
 ip address 10.10.10.1 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.10.10.254
ip http server
ip http secure-server
!
!
!
!
!
vstack
!
line con 0
line vty 0 4
 session-timeout 28800
 password 7 [redacted]
 transport input telnet ssh
 transport output telnet ssh
line vty 5 15
 session-timeout 28800
 password 7 [redacted]
 transport input telnet ssh
 transport output telnet ssh
!
end


Ok, I followed the steps above (including creating the mhm account).  I'm unable to login via SSH or telnet.  I'm also now unable to access the console again.  All 3 of these accounts are very simple (jason/jason, admin/admin, mhm/mhm) so I know I'm not mis-keying the passwords.


Do you think I should drop this switch back to 12.2?

Give me half an hour, I will try the config in my lab.

Thanks 

MHM

username [redacted] secret 5 [redacted]
username [redacted] secret 5 [redacted] <<- these do not work

OldGreyBeast
Level 1

Correct, neither account works.

enable password mhm
!
aaa new-model
!
aaa authentication login default local
!
username mhm password 0 mhm
username mhm2 privilege 15 password 0 mhm2
!
interface Ethernet0/0
 ip address 100.0.0.1 255.255.255.0
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 transport input telnet


Hmm, what version of IOS is your lab running?  My GNS3 instance has 12.2.  Curious if it's something weird with 15.0.

I don't think so.

Only add the username and password with privilege, and remove the password from the line.

I fiddled with it for a while and couldn't get it to work.  Cleared the entire config, built it back exactly like yours, and it still doesn't work.  Any time I turn on aaa, it locks me out of console, telnet, and SSH.

I'm going to try reverting it to 12.2 tomorrow and see if that makes a difference.

Downgraded from 15.0(2) to the latest 12.2 and the issue is resolved.

Very odd, but at least I know I wasn't being stupid.

Oh, happy ending.
Which one works, your original config or my config?

I loaded my original config back into it before doing the downgrade

Thank you for all your help!

You are so, so welcome.
Have a nice day, friend.
MHM 
