Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
624
Views
0
Helpful
4
Replies

aaa on routers

carl_townshend
Spotlight
Spotlight

‎05-12-2006 01:27 PM - edited ‎03-05-2019 11:54 AM

can anyone tell me how I would get my switches/routers etc to ask for a username, do I just type new aaa model, then aaa username xxxxx password xxxx ?

Labels:
0 Helpful
4 Replies 4

a.giorgi
Level 1
Level 1

‎05-12-2006 04:19 PM

Hi carl:

Try this:

router(config)#username xxx password xxx

router(config)#aaa new-model

router(config)#aaa authentication login default local

I hope it help (rate if it does)

Regards

Alberto Giorgi from spain

0 Helpful

tekha
Level 3
Level 3
In response to a.giorgi

‎05-13-2006 09:12 AM

You could add "aaa authorization exec default local", in order to skip the enable password.

0 Helpful

carl_townshend
Spotlight
Spotlight
In response to a.giorgi

‎05-15-2006 05:42 AM

would i not type aaa new model first ? then do the username and password etc ?, also when setting up a router from default I get username and password anyway even though aaa is not configured, would this be the normal vty password, if so where is the username config?

thanks

0 Helpful

brianprice
Level 1
Level 1

‎05-17-2006 07:00 AM

I have found best practice is to change the context of the username/password so I knew when the authentication had gone back to local authentication, ACS, or another tacacs+/Radius box. Also, I have always cleared the AAA configuration before reapplying the new and improved configuration. Make sure you have the correct passwords (enable, vty, console, enable secret, username) before performing this function. Do not save the configuration to memory until you have successfully completed a functional test.

This would be an example of my recommendation use TACACS+ as primary authentication and use local on failover-*Note: I have changed the username prompt to lower case when the process resorts to local username authentication:

username xxxxxxx password yyyyyyyy

no aaa new-model

aaa new-model

aaa authentication password-prompt password:

aaa authentication username-prompt username:

aaa authentication login default group tacacs+ local

aaa authentication login no_tacacs local

aaa authentication login ppp group tacacs+ local

aaa authorization exec default group tacacs+ local

aaa authorization network default group tacacs+ local

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card