Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
464
Views
0
Helpful
5
Replies

LINE CONSOLE LOGIN QUERY

Vishal Kolamkar
Level 1
Level 1

‎05-05-2016 12:37 PM - edited ‎03-08-2019 05:38 AM

I have enabled below authentication on console 0. Could you please tell which authentication console port will use?

Config is as below

username SA_PAM_01 privilege 15 secret 5 $1$1RYK$BN8mO.rsxb49/Hpr.sInE/

!

aaa authentication password-prompt "No network access use local passwords. Password: "
aaa authentication login default local
aaa authentication login ITVConsole line
aaa authorization console
aaa authorization exec default local
!

line con 0
password 7 06075E36481F04155702

login authntication default

Will it use password defined under console 0 ie type 7 password? Or will it use local username password?

Labels:
0 Helpful
5 Replies 5

Mark Malone
VIP Alumni
VIP Alumni

‎05-05-2016 02:02 PM

It should use the username/password line due to the fact you set AAA as default local so it reverts to local usernam database

0 Helpful

Vishal Kolamkar
Level 1
Level 1
In response to Mark Malone

‎05-08-2016 10:16 PM

Thanks Mark Useful info :) When it comes to configuring access level configuration on devices i am bit afraid of loosing acess :) even though we configure routing/swicthing very easily.

Have a good day Mark

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to Vishal Kolamkar

‎05-09-2016 12:40 AM

Yes I think we all worry about locking ourselves out like that working remotely on access and wan fixes, something I always use on my remote sites when working if your not aware of it

reload in 10

so when you make the change and if you get locked out router will automatically reboot in 10 minutes and reset what you just did getting you access back , it does obviously cause a service effecting issue but if its at night or very remote it  can save someone a trip to site

if your change worked then do

reload cancel

0 Helpful

paul driver
VIP
VIP

‎05-06-2016 02:03 AM

Hello

You have two methods for authentication listings specified - However you don't show if the " ITVConsole"  is applied to the console line and if it isn't, Has Mark has stated it will default to the "default local" and as such will use the local database for access.

line console 0
aaa authentication  ITVConsole

Also when you use an non default authentication listing I would also apply some authorisation commands to allow you work on the device

aaa authorization commands 0 ITVConsole if-authenticated
aaa authorization commands 1 ITVConsole if-authenticated
aaa authorization commands 15 ITVConsole if-authenticated

An alternative to using AAA for console would be the use the activation-character, Which will allow acces on a given keystroke, I have used character 64 which equals @ keystroke in the past, but you can choose your own. - Here

line console 0
no login authentication
activation-character 64

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Vishal Kolamkar
Level 1
Level 1
In response to paul driver

‎05-08-2016 10:10 PM

Thanks Paul..Useful Info for me

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card