Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4657
Views
0
Helpful
6
Replies

Basic 3850 Management port and remote SSH access with Local User auth!

vodafonegsmart
Level 1
Level 1

‎03-30-2015 06:25 AM - edited ‎03-07-2019 11:19 PM

Hi guys,

 

Im really struggling to get this working.

I just want remote SSH to my 3850 switch via its management interface yet I cant get it to use damn local authentication no matter what.

The Cisco DOC's appear wrong as the commands just dont work.

 

I have set an IP on my g0/0 interface.

I can SSH to it, enter my user and password and it just doesnt let me in.

 

I put these commands in, but it still doesnt work.

aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization network default local

 

 

I created a username password for Priv 15.

 

What am I doing wrong?

 

I just see these lines in the console:

*Mar 30 05:31:22.402: AAA/AUTHEN/LOGIN (00000FB5): Pick method list 'default'
*Mar 30 05:31:25.376: AAA/AUTHEN/LOGIN (00000FB5): Pick method list 'default'
*Mar 30 05:31:30.735: AAA/AUTHEN/LOGIN (00000FB5): Pick method list 'default'

 

 

It lets me login with the "admin" user just not one that I create.

 

Thansk

g

Labels:
0 Helpful
6 Replies 6

apasillas
Level 1
Level 1

‎03-30-2015 09:05 AM

You need the vty lines

conf t

line vty 0 4
 login local
 transport input ssh

 

 

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_53_se/configuration/guide/2960scg/swauthen.html#wp1227177

0 Helpful

vodafonegsmart
Level 1
Level 1
In response to apasillas

‎03-30-2015 10:47 AM

Yep, They are there too.

I can login as mentioned with the "admin" username. Just cant login with any other username I make?

0 Helpful

apasillas
Level 1
Level 1
In response to vodafonegsmart

‎03-30-2015 11:50 AM

can you upload the full code please, you can erase interfaces and that stuff. 

0 Helpful

apasillas
Level 1
Level 1
In response to vodafonegsmart

‎03-30-2015 11:50 AM

can you upload the full code please, you can erase interfaces and that stuff. 

0 Helpful

Martin L
VIP
VIP
In response to vodafonegsmart

‎07-14-2019 09:38 AM


I think that's by default and by designed; btw admin is username , what's password ?
0 Helpful

Robert Falconer
Level 1
Level 1

‎03-31-2015 09:16 AM

If you just want to use local auth, you shouldn't need any AAA settings.

Configuring vty with 'login local' is enough. I use it in my lab.

username xxxxxxxx privilege 15 password 7 xxxxxxxxxxxxxxxx
no aaa new-model

line vty 0 4
 password 7 xx
 login local
 transport input ssh
line vty 5 15
 password 7 xx
 login local
 transport input ssh

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card