
Can't seem to get aaa to login with local accounts.

grassopj
Level 1

Hi guys,

I think I must be missing something simple here, but I can't seem to get this to work:

username admin password 0 peter priv 15

aaa new-model

aaa authentication login default local


When I try to telnet into the switch:

User Access Verification

Username: admin
Password:

% Authentication failed

Any ideas on what I am not doing correctly?

-Pete


Luke Oxley
Level 1
Hey grassopj,
Thanks for the post. Have you specified the authentication method under your VTY lines?
line vty 0 15
 login authentication default

Best regards,
Luke


Hi Luke,

I have applied the method to vty 0 15:

Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#line vty 0 15
Switch(config-line)# login authentication default
Switch(config-line)#end
Switch#

The config now looks like:

username admin password 0 peter priv 15
aaa new-model
aaa authentication login default local
!
line con 0
 password peter
line vty 5 15
!

I guess that's the default for vty line setups, so it doesn't show anything extra. I still get the same result when I try to telnet in though: "% Authentication failed". I'm sure this used to work.

-Pete


ahmedshoaib
Level 4

Hi;

There is no issue with your configuration; the issue is that you entered the wrong password to access your network device. As per the current configuration, your password is peter priv 15.

To assign privilege level 15 to a specific user, use the command below:

username admin privilege 15 password 0 cisco

Note: The password should be assigned last.

Thanks & Best regards;

grassopj,

Good spot by ahmedshoaib there. With the syntax of the username command (at least in the versions of IOS I've worked with anyway), you need to specify the privilege before the password. I didn't spot that in your configuration.
Remember, the "?" is your best friend.

Kind regards,
Luke


Thanks guys, I'm glad it was a simple mistake on my part - I think I have entered it the other way around on the ASA devices I've been working on recently.

I guess that the only reason that I did not get an error was that spaces are acceptable characters in a password string?

Regardless, I just tried it on a switch and it works perfectly - problem solved, much appreciated!

-Pete

grassopj,

I just checked on my ASA lab and yes, the privilege level is assigned after the password string in the syntax. That'll be the confusion! Spaces are an acceptable char in password strings, yes.
All the best,

Luke
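
A small offline check for the mistake resolved in this thread, added here as an example and not code from any poster or from Cisco: it scans saved config text for `username` lines whose password string ends in what looks like a privilege keyword and level. The function name `audit`, the sample config, and the rule that three or more leading letters of `privilege` count as the keyword are assumptions for illustration.

```python
import re

# "username NAME [options] password [0|7] REST-OF-LINE": everything after the
# optional type digit is taken as the password, spaces included.
USERNAME_RE = re.compile(
    r"^\s*username\s+(?P<user>\S+)\s+(?P<opts>.*?)"
    r"password\s+(?:(?P<ptype>[07])\s+)?(?P<pw>.+?)\s*$"
)
# Trailing "<abbreviation of privilege> <0-15>" inside the password string.
TRAILING_PRIV_RE = re.compile(r"^(?P<real>.+?)\s+(?P<kw>\S+)\s+(?P<level>\d{1,2})$")


def audit(config_text):
    """Return one finding per username line whose password swallowed a privilege keyword."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = USERNAME_RE.match(line)
        if not m:
            continue
        tail = TRAILING_PRIV_RE.match(m["pw"])
        if not tail:
            continue
        kw = tail["kw"].lower()
        # Assumption: 3+ letter prefixes of "privilege" count as the keyword.
        if len(kw) < 3 or not "privilege".startswith(kw) or int(tail["level"]) > 15:
            continue
        ptype = f"{m['ptype']} " if m["ptype"] else ""
        findings.append({
            "line": lineno,
            "user": m["user"],
            "effective_password": m["pw"],
            "suggested": f"username {m['user']} privilege {tail['level']} "
                         f"password {ptype}{tail['real']}",
        })
    return findings


# Constructed sample: the first line is the one from the original post.
SAMPLE = """\
username admin password 0 peter priv 15
username ops privilege 15 password 0 my pass phrase
aaa new-model
aaa authentication login default local
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```

A finding is only a hint: a password may legitimately end in such words, so confirm the intended credential before applying the suggested line.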


Johnytech78
Level 1

I believe you should configure enable secret on the switch, and when it asks for the local password, that is what it is referring to, not the username password.