Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2089
Views
15
Helpful
3
Replies

Nexus 9K Console Port No Auth

Go to solution
CiscoMedMed
Level 1
Level 1

‎03-13-2021 08:47 AM

Going through a recent config change I lost the ability to authenticate either via RADIUS/AD AND with local credentials. And this was the case whether access via an Avocent console server or ssh. I was locked out until I disabled some trunking assuring the 9k couldn't even try to reach the radius server and then local creds worked. What I'd like to do is remove authentication from the console serial port. If I authenticate to the Avocent then I have access to the console port. Can someone tell me how to exclude the console port from the overall security  policy? This is clearer to me in IOS. Thank you.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
marce1000
VIP
VIP

‎03-13-2021 09:08 AM

 

 - FYI : https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/security/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide_chapter_0111.html#task_1...

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-13-2021 09:24 AM

you can do an example as below - for the console, the rest all will be TACACS, then you also need to investigate what is wrong with Radius, do you have config fall back to local then it should not be an issue if the TACACS not reachable you can use a local account.

 

again it all your requirement.

 

 

username myuser password mypassword priv 15
aaa authentication login CONSOLE local
aaa authorization exec CONSOLE if-authenticated
!
line con 0
login authentication CONSOLE

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

3 Replies 3

Go to solution
marce1000
VIP
VIP

‎03-13-2021 09:08 AM

 

 - FYI : https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/security/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide_chapter_0111.html#task_1...

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-13-2021 09:24 AM

you can do an example as below - for the console, the rest all will be TACACS, then you also need to investigate what is wrong with Radius, do you have config fall back to local then it should not be an issue if the TACACS not reachable you can use a local account.

 

again it all your requirement.

 

 

username myuser password mypassword priv 15
aaa authentication login CONSOLE local
aaa authorization exec CONSOLE if-authenticated
!
line con 0
login authentication CONSOLE

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
TDMerton
Level 1
Level 1

‎06-04-2023 11:41 AM - edited ‎06-04-2023 11:47 AM

nexus 9k doesn't have the options listed

nexus9(config)# line console 0

% Invalid command at '^' marker

only line console (without 0), however after that for login are only  *** No matching command found in current mode, matching in (config) mode ***

on-failure Set options for failed login attempt and on-success Set options for successful login attempt

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card