cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
581
Views
0
Helpful
5
Replies

LINE CONSOLE LOGIN QUERY

Vishal Kolamkar
Level 1
Level 1

I have enabled below authentication on console 0. Could you please tell which authentication console port will use?

Config is as below

username SA_PAM_01 privilege 15 secret 5 $1$1RYK$BN8mO.rsxb49/Hpr.sInE/

!

aaa authentication password-prompt "No network access use local passwords. Password: "
aaa authentication login default local
aaa authentication login ITVConsole line
aaa authorization console
aaa authorization exec default local
!

line con 0
password 7 06075E36481F04155702

login authntication default

Will it use password defined under console 0 ie type 7 password? Or will it use local username password?

5 Replies 5

Mark Malone
VIP Alumni
VIP Alumni

It should use the username/password line due to the fact you set AAA as default local so it reverts to local usernam database

Thanks Mark Useful info :) When it comes to configuring access level configuration on devices i am bit afraid of loosing acess :) even though we configure routing/swicthing very easily.

Have a good day Mark

Yes I think we all worry about locking ourselves out like that working remotely on access and wan fixes, something I always use on my remote sites when working if your not aware of it

reload in 10

so when you make the change and if you get locked out router will automatically reboot in 10 minutes and reset what you just did getting you access back , it does obviously cause a service effecting issue but if its at night or very remote it  can save someone a trip to site

if your change worked then do

reload cancel

Hello

You have two methods for authentication listings specified - However you don't show if the " ITVConsole"  is applied to the console line and if it isn't, Has Mark has stated it will default to the "default local" and as such will use the local database for access.

line console 0
aaa authentication  ITVConsole

Also when you use an non default authentication listing I would also apply some authorisation commands to allow you work on the device

aaa authorization commands 0 ITVConsole if-authenticated
aaa authorization commands 1 ITVConsole if-authenticated
aaa authorization commands 15 ITVConsole if-authenticated

An alternative to using AAA for console would be the use the activation-character, Which will allow acces on a given keystroke, I have used character 64 which equals @ keystroke in the past, but you can choose your own. - Here

line console 0
no login authentication
activation-character 64

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Thanks Paul..Useful Info for me

Review Cisco Networking for a $25 gift card