
enable asking for username

Cat 6500 running IOS 12: the enable command asks for a username, not just the password. Which command controls this behavior?

10 REPLIES
Cisco Employee

You can try using the "no login" command and then issue "enable secret password" and see if the router lets you in without any username.

First let us consider what is the basic problem. Without aaa new-model the default for authentication (on console and on vty) is to use the line password. But when you enable aaa new-model then the default for authentication becomes local - and this generates the prompt for a user name, and will check the entered user name against any locally configured user names and passwords.

When you configured aaa new-model and authentication dot1x then it set the default for authentication to use locally configured user ID and password. The suggestion from John to create a named authentication method and assign it to the vty would solve your issue on the vty (but not on the console). My suggestion is to create a default authentication which uses the line password. This will solve the issue on both the vty and the console. It might look something like this

aaa authentication login default line

That should get you back to needing only to enter the line password on the console and on the vty and would not impact the dot1x authentication.

Ref: from one of the CSC links.

HTH

Regards

Inayath


Thanks. I will test it and report back. The device uses aaa tacacs for authentication.

Beginner

If you are using TACACS for authenticating, then you have to provide the username and password which was provided by the TACACS admin; usually they create different users with different privileges. You can use "show privilege" if you have access to the device. You can also use "no aaa new-model" in configuration mode, which will stop TACACS authentication, and if you have the router credentials you can log in easily.

Hope that helps.

Kindest Regards,

Uzair 



Kindest regards,
Uzair
CCENT, CCNA (R&S), CCNP (R&S).

I noticed a different behavior on certain devices (all with tacacs) that I have to enter the username and enable secret (provided by tacacs) instead of just enable secret. It's the same user that I logged into the device with.

Beginner

TACACS doesn't work in that way; the reason for TACACS is to avoid this enable password way. It seems something could be wrong in the configuration for the TACACS section. Can you please share the output for the TACACS configuration from any device where you are having this issue? "show running-config | include tacacs" would be enough. I would also appreciate it if you can share "show running-config | include vty".

Kindest Regards,

Uzair




Will get the config when I get a chance.

There is probably something like this on other devices. 

aaa authentication enable default tacacs+ enable

Beginner

"aaa authentication login" should have been there, appreciate if you can share the exact config to diagnose further.

Thanks.

Kindest Regards,

Uzair




aaa config is exactly the same

aaa auth login

aaa auth enable

Both devices are running 12.2(17r) but one is asking for enable username, not just enable password. Both login and enable are via aaa credentials.

Beginner

Re: enable asking for username

I have a similar issue - very basic config just for lab.. added enable and secret passwords and now it is prompting me for a username from vty or console logins.. now I am locked out... grrrr

 

No username configured...

I really don't feel like breaking in... lol

 

enable secret 5 $1$83uX$eSEhlhb9D0d.2pMyphMUa/
enable password Cisco
!
no aaa new-model

 

line con 0
password cisco
login local
line vty 0 4
password cisco
login local
line vty 5 15
password cisco
login local

 

 

Beginner

Re: enable asking for username

DOH!

After posting this I re-read the config... login "local" lol.... SMH facepalm
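
Added example, not part of any post in this thread: a small Python check that reads an IOS-style config and reports, per line block, whether login will prompt for a username or only a password, and flags the lockout case from the last post (local login with no username configured). The function name, the ADMIN list name and both sample configs are constructed for illustration; treating an undefined method list as local follows the first reply's description and is an assumption.

```python
import re

# Constructed samples: the last post's lab config and the first reply's default list.
LAB = """no aaa new-model
line con 0
password cisco
login local
line vty 0 4
password cisco
login local
"""
AAA = """aaa new-model
aaa authentication login default line
aaa authentication login ADMIN group tacacs+ local
line con 0
 password cisco
line vty 0 4
 login authentication ADMIN
"""
NO_USER = "local login but no 'username' configured"

def audit_login(config):
    """Map each line block to (login prompt, warning or None)."""
    rows = [r.strip() for r in config.splitlines() if r.strip()]
    aaa = "aaa new-model" in rows  # "no aaa new-model" does not match
    has_user = any(r.startswith("username ") for r in rows)
    lists = {m[1]: m[2].split() for r in rows
             if (m := re.match(r"aaa authentication login (\S+) (.+)", r))}
    blocks, cur = {}, None
    for r in rows:
        if r.startswith("line "):
            cur = blocks.setdefault(r[5:], [])
        elif r in ("!", "end"):
            cur = None  # separator closes the current line block
        elif cur is not None:
            cur.append(r)
    report = {}
    for name, cmds in blocks.items():
        if aaa:
            refs = [c.split()[2] for c in cmds if c.startswith("login authentication ")]
            # Assumption: an undefined list means local, as the first reply says.
            methods = lists.get(refs[0] if refs else "default", ["local"])
            kind = {"line": "password", "enable": "password",
                    "none": "none"}.get(methods[0], "username")
            local_first = methods[0].startswith("local")
        else:
            local_first = "login local" in cmds
            kind = "username" if local_first else "password" if "login" in cmds else "unspecified"
        report[name] = (kind, NO_USER if local_first and not has_user else None)
    return report
```

Running it against a saved copy of the running-config before applying a login or AAA change shows which lines would start asking for a username and which would have no account to accept.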