01-07-2024 02:08 AM
Can Cisco do something so that even after aaa new-model is entered we can still console in?
Console is last line of defence and should not need authentication.
What can we do to prevent ourselves from being locked out of console?
01-07-2024 02:21 AM
@Iloveyou what is the command set you used to configure AAA?
01-07-2024 02:51 AM
Hello @Iloveyou
For the con0 you should create a separate authentication profile:
aaa authentication login console local
line con 0
login authentication console
01-07-2024 02:52 AM
Hello,
as far as I recall, 'login local' needs to be configured on the console line. If you do not have that, and you add 'aaa new-model', all lines are locked and you need:
enable
configure terminal
username <username> privilege 15 secret <password>
aaa authentication login default local
line console 0
login authentication default
01-07-2024 06:42 PM
what does login authentication default mean?
How do I know what is default?
01-07-2024 06:43 PM
Is "console" a variable we declare by ourselves?
01-07-2024 09:53 PM
"console" is not a variable that you declare yourself. It is a reserved keyword used to refer to the physical console port of your Cisco device.
When you configure settings related to the console port, such as authentication or line parameters, you use the keyword "console" to specify that you are configuring the characteristics of the console port.
"login authentication default" sets the default method list for users. It specifies the authentication methods that are used when a user tries to access a device.
When the AAA model is configured, the authentication login command is used with the local method keyword to specify that the Cisco device will use the local username database for authentication.
http://stevehardie.com/2015/07/cisco-configure-login-using-username-and-password/
01-09-2024 08:06 AM
So what is the default method list for user?
01-07-2024 10:53 PM
Enable "login local" for emergencies. Remember, with great power comes great responsibility!
Backup Account: Create a secret admin account with local access, just for rainy days. Keep it safe!
Console Server: Get an out-of-band buddy, a dedicated server that lets you in no matter what.
Disable aaa risky: Only if everything else fails, consider this temporary measure. But remember, great power, great responsibility!
Secure AAA: Make your AAA server strong and reliable. Redundancy and disaster planning are your friends.
01-09-2024 08:06 AM
What if I don't want to set any login for console at all?
01-09-2024 08:48 AM
Hello @Iloveyou
No auth on con0? It is not recommended.
Command no login under line con0.
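A pre-change check for the console lockout cases discussed in this thread, as an added example that is not from any of the posters or from Cisco. It parses a saved IOS configuration and reports whether the method list used by the console line is defined and backed by a local user. The function name and finding codes are hypothetical, and it assumes a line without `login authentication <list>` uses the list named `default`.

```python
import re

def audit_console(config: str) -> list[str]:
    """Return lockout/exposure findings for the console line of an IOS config."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    if "aaa new-model" not in lines:
        return ["AAA_NOT_ENABLED"]
    # Method lists: "aaa authentication login <list> <method> [<method>...]"
    lists = {}
    for l in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)", l)
        if m:
            lists[m.group(1)] = m.group(2).split()
    has_user = any(l.startswith("username ") for l in lines)
    # Collect the commands under "line con 0" / "line console 0".
    con, in_con = [], False
    for l in lines:
        if re.match(r"line con(sole)? 0$", l):
            in_con = True
        elif l.startswith("line ") or l in ("!", "end"):
            in_con = False
        elif in_con:
            con.append(l)
    if "no login" in con:
        return ["CONSOLE_UNAUTHENTICATED"]
    # Assumption: without "login authentication <list>" the list "default" applies.
    name = next((m.group(1) for l in con
                 if (m := re.match(r"login authentication (\S+)", l))), "default")
    methods = lists.get(name)
    if methods is None:
        return [f"LIST_UNDEFINED:{name}"]
    if not {"local", "local-case"} & set(methods):
        return ["NO_LOCAL_METHOD"]       # e.g. only "group tacacs+"
    if not has_user:
        return ["LOCAL_WITHOUT_USERNAME"]  # local method but empty user database
    return []

# Constructed sample: the named-list setup from the thread plus a local user.
SAMPLE = """\
aaa new-model
username admin privilege 15 secret <password>
aaa authentication login console local
line con 0
 login authentication console
"""

if __name__ == "__main__":
    print(audit_console(SAMPLE) or "console login list looks consistent")
```
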