09-05-2013 04:51 AM - edited 03-07-2019 03:18 PM
Hi all,
I have a pair of WS-C4500X-32 switches in a VSS pair. They were recently deployed as our core at our data centre, so they are in production.
Initially I had local usernames and passwords configured for VTY access. Telnetting to the switch and authenticating with my local account would take me straight to Privileged EXEC mode. We then made an attempt to configure AAA to point to an ACS server for AD authentication, but it didn't work properly, so I removed that configuration, and now we're back to local user accounts again.
During the attempt to configure AAA for authentication, the switch was in a state whereby when I'd telnet to it, get prompted for username and password, at which point I enter the local credentials, and I get taken to User EXEC mode, instead of Privileged EXEC mode. There's no enable password/secret configured, so I simply type 'enable' and move to Privileged EXEC mode.
How can I revert back to using local authentication to be taken straight to Privileged EXEC mode, rather than being taken to User EXEC mode first and then having to type 'enable'?
The switch is running cat4500e-universalk9.SPA.03.04.00.SG.151-2.SG.bin
All help greatly appreciated.
Thanks!
Olly
09-05-2013 05:57 AM
On your line vty statements, have you added "privilege level 15"?
09-05-2013 06:47 AM
Good day Marvin,
Thank you for your post. No, I hadn't added that command, but I have now, and that's resolved the issue - thank you!
Is that a new feature command with IOS-XE software? I've never configured that before. I also notice that when in line config mode (switch(config-line)#) that the command 'login local' is no longer available. I think it just assumes login local by default unless you specify otherwise?
Thanks again,
Olly
09-05-2013 06:56 AM
Hi,
privilege level 15 under VTY lines should never be implemented in a production network, because anyone that succeeded authentication (even levels < 15) now has the super user powers. You should be using local authorization instead. Also, once you use AAA, login local has no effect anymore; by default it is the default authentication method which is used by the lines.
Regards
Alain
Don't forget to rate helpful posts.
09-05-2013 06:59 AM
I just use it where no external AAA server is available and there is a small local support staff with limited (or no) AAA expertise and only one local username.
09-05-2013 07:12 AM
Thanks both -
Just noticed something else...
When I connect using telnet I see the following:
*******************************************************************************
** NOTICE: This network system is solely for the use of authorised users **
** for purposes authorised by our organization. **
** Access is restricted to authorised users only. Unauthorised **
** access of this computer system is a violation of state and **
** federal, civil and criminal laws. **
** You have no expectation of privacy in the use of this computer **
** system. To ensure that the computer system is functioning **
** properly, individuals using this system are subject to having **
** all their activities on the computer system monitored and **
** recorded by personnel of our organization. **
** Use of this computer system by you evidences your express **
** consent to such monitoring and your agreement that if such **
** monitoring reveals evidence of possible abuse or conduct of **
** criminal activity, personnel may provide the evidence of such **
** activity to law enforcement authorities. **
*******************************************************************************
Password required, but none set
User Access Verification
Username:
Any ideas why it says 'Password required, but none set', but then continues to the 'Username:' prompt and permits me to authenticate successfully?
Thanks again
P.S. I know I should be using SSH over Telnet, but I'll work on that next!
09-05-2013 07:32 AM
Hi,
of course with only one user in the local database then he has to have privilege 15 but then why not use the enable secret password instead because I still think this is a security hole.
Regards
Alain
Don't forget to rate helpful posts.
09-06-2013 05:03 AM
Hi Cadet,
That's a really good point re: making use of the enable password in my case in the interim before I get AAA working properly. Thank you.
I still have the problem of the switch saying 'password required, but none set', even though it lets me continue to log in with local credentials successfully.
This is causing a problem for me because I'm using Kiwi CatTools to back up the running config, and the procedure is failing on the CatTools server, saying "Warning, no VTY password has been set".
I've just set a password on lines 0 15 and tried again, but CatTools still fails to authenticate successfully to the switch.
As the original query in this post has been answered, I'll start a new discussion now.
Thanks for your help Marvin and Cadet.
09-08-2013 12:44 AM
aaa authorization exec default group tacacs+ local
You also need to assign privileged access for the user in ACS.
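As an added illustration (not taken from any post in this thread), the two configurations the replies contrast: the line-level `privilege level 15` shortcut Marvin mentions, and the per-user authorization Alain recommends, shown here with the local database only. The `admin` and `helpdesk` usernames and the `<REPLACE-ME>` secrets are placeholders; the `helpdesk` account is hypothetical and exists only to show a non-level-15 user landing in User EXEC.

```cisco
! --- Weak: privilege is a property of the LINE, not the user ---
! Every account that passes authentication on a VTY gets level 15,
! so a low-privilege local user is promoted simply by logging in.
line vty 0 15
 privilege level 15
 transport input telnet
!
! --- Preferred: privilege follows the USER via local authorization ---
aaa new-model
aaa authentication login default local
! 'aaa authorization exec' applies the privilege keyword of the matching
! username at EXEC start; this is what replaces 'privilege level 15'.
! To prefer ACS as in the last reply, use 'group tacacs+ local' here,
! which additionally requires the TACACS+ server to be defined.
aaa authorization exec default local
!
! Only the admin account lands in Privileged EXEC directly.
username admin privilege 15 secret <REPLACE-ME>
! Hypothetical level-1 account: lands in User EXEC and must supply
! the enable secret to escalate, which is the behaviour Alain wants kept.
username helpdesk privilege 1 secret <REPLACE-ME>
enable secret <REPLACE-ME>
!
line vty 0 15
 no privilege level 15
 ! SSH transport assumes an RSA key pair already exists on the switch.
 transport input ssh
```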