06-06-2012 11:05 AM - edited 03-07-2019 07:06 AM
I am having some trouble with my login.
When I console into the switch I want to be prompted for a user name and password, which it does perfectly. I get the router> then I type enable. Works exactly as I want it.
I want it to do the same when I telnet in but it just goes straight to the router#
Can someone tell me what I have to change to get it to behave like username, password, router> on telnet?
conf t
service password-encryption
username admin priv 15 secret xxxx
username support priv 15 secret xxxx
!
aaa new-model
!
aaa authentication login default
!
!
aaa session-id common
ip http server
ip http authentication local
!
ip access-list standard snmp_acl
permit 192.168.12.1
!
!
snmp-server community ABC-RO RO snmp_acl
!
line vty 0 4
privilege level 15
login authentication default
exit
06-06-2012 11:09 AM
hi,
Just remove the command privilege level 15 under the vty line.
Regards.
Alain.
06-06-2012 11:15 AM
When I remove that and log in I get
Switch>enable
% Error in authentication
06-06-2012 11:10 AM
That is happening because your users have a privilege level of 15. Create a user with a privilege level of 1 for Telnet.
06-06-2012 11:24 AM
Yes, remove the "privilege level 15" under the vty line and change this line "aaa authentication login default" to "aaa authentication login default local" and of course create a user with a privilege level of less than 15.
06-06-2012 11:30 AM
Did that, still takes me to the router#
I want router>
Sent from my iPhone
06-06-2012 01:24 PM
make this config:
line vty 0 4
password darren849
Login local
exit
Please rate , if it helps.
Regards
06-07-2012 07:30 AM
Did that and now get the router> but can't type enable or get error
Switch>enable
% Error in authentication
06-07-2012 07:43 AM
That symptom usually means that there is no enable password or enable secret configured. The console will go to enable mode without the enable password or enable secret but the vty requires that it be configured. Can you confirm whether there is any enable password or enable secret configured?
It would probably help us see what is going on if you would post the entire configuration of aaa (or better yet just post the entire config).
HTH
Rick
06-08-2012 05:08 AM
I have a factory default 2960 and I pasted this into it, I have one vlan set up and one switch port so I can telnet in to the switch.
What I don't get is when I go in through the console I get prompted for a user name and password
then I get router> now I type ....enable then takes me directly to the Router# This is exactly how I want it.
I want it to do the same for the VTY (Telnet) but it will not
I get prompted for a user name and password then it goes directly to router#
I want it to go to router>
conf t
service password-encryption
username support priv 15 secret xxxx
username admin priv 15 secret xxxxxx
!
aaa new-model
!
aaa authentication login default local enable
!
!
aaa session-id common
ip http server
ip http authentication local
!
ip access-list standard snmp_acl
permit 141.11.4.104
!
!
snmp-server community ABC-RO RO snmp_acl
!
line vty 0 15
privilege level 15
login authentication default
exit
exit
wr mem
06-08-2012 05:21 AM
If I go change the VTY 0 4 Privilege level from 15 it goes directly to the Router# after the user name and password
If I change the VTY 0 4 Privilege level to 0,1,or 2 I get prompted for user name and password and go to the Router>
when I type enable from here I get % Error in Authentication
06-08-2012 05:31 AM
Based on what you have posted I would say that you are experiencing normal behavior of IOS. You have not configured either enable password or enable secret so there is no password protecting enable mode. By default on the console it will go into enable mode with no password for enable. And by default the vty will fail to go to enable when there is no password.
So you can not have the vty to behave exactly as the console does. You can either configure a password to protect enable and then enter the password at the enable prompt for the vty. Or you can configure the vty to go directly to enable mode. If you want people to go to enable mode without a password then I do not understand the logic of wanting to force them to type enable. Why not take them directly to enable?
HTH
Rick
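An added example, not part of the thread or any poster's configuration: a small Python check that reads an IOS configuration and flags the three conditions discussed above (a vty line with `privilege level 15`, no `enable secret` or `enable password`, and a `login default` list that names no method). The finding names and the `POSTED` sample are constructed for illustration.

```python
import re

# Constructed sample: the configuration from the first post, trimmed to the
# lines that matter here.
POSTED = """\
username admin priv 15 secret xxxx
aaa new-model
!
aaa authentication login default
!
line vty 0 4
privilege level 15
login authentication default
exit
"""

def parse(config):
    """Return (global commands, {line-section header: [sub-commands]})."""
    top, lines, current = [], {}, None
    for raw in config.splitlines():
        cmd = " ".join(raw.split()).lower()
        if cmd in ("", "!", "exit", "end"):
            current = None              # section delimiter
        elif cmd.startswith("line "):
            current = lines.setdefault(cmd, [])
        elif current is not None:
            current.append(cmd)         # command inside a 'line' section
        else:
            top.append(cmd)
    return top, lines

def audit(config):
    """Flag the three conditions the thread identifies (finding names are ours)."""
    top, lines = parse(config)
    findings = []
    for header, subs in lines.items():
        if header.startswith("line vty") and "privilege level 15" in subs:
            findings.append("vty-starts-in-enable-mode")   # lands at router#
    if not any(re.match(r"enable (secret|password)\b", c) for c in top):
        findings.append("no-enable-secret")  # vty 'enable' -> % Error in authentication
    if "aaa authentication login default" in top:
        findings.append("login-list-has-no-method")  # thread suggests adding 'local'
    return findings

if __name__ == "__main__":
    for finding in audit(POSTED):
        print(finding)
```
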
06-08-2012 05:37 AM
I am the only person who will be using the router. I am the only support (scary). When I telnet in I want to get to the Router>
If I need to do any task at the Router> prompt I am going to have to go to the physical switch and plug in a console port.
There may be a time when I need to telnet in and get to the Router> prompt