Disable Console Login Prompt

roharris33 · ‎03-09-2018

I have a Cisco 3650 running 16.3.5b Lan base. I want do disable the login but prompt for the enable password with connecting via the console cable. I am using AAA for ssh access. The "no login local" command isn't an option under line con 0.

aaa group server tacacs+ Clear_Pass
server XXX.XXX.XXX.XXX
server XXX.XXX.XXX.XXX
server-private XXX.XXX.XXX.XXX timeout 3 key 7 PASSWORD
ip vrf forwarding Mgmt-vrf
ip tacacs source-interface Loopback1
!
aaa authentication login default group tacacs+ local enable
aaa authorization exec default if-authenticated
aaa authorization network default if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+

username cisco privilege 15 password 7 CISCO

line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
privilege level 15
logging synchronous
transport input ssh
line vty 5 15
privilege level 15
logging synchronous
transport input ssh

Seb Rupik · ‎03-09-2018

Hi there,

I don't have anything to hand to test with, but the following should work:

!
aaa authentication login ENABLE enable
!
line con 0
  login authentication ENABLE
!

cheers,

Seb.

roharris33 · ‎03-09-2018

That didn't work. I receive an authentication failed message.

Thanks,

Robin

Richard Burts · ‎03-10-2018

Robin

The suggestion from Seb looks pretty good to me. Would you post your config?

HTH

Rick

HTH

Rick

Seb Rupik · ‎03-12-2018

Hi there,

I had to tweak it a little as IOS didn't like the AAA method name.

Try this:

!
aaa authentication login AAA_ENABLE enable
!
line con 0
  login authentication AAA_ENABLE
!

cheers,

Seb.

Richard Burts · ‎03-12-2018

Seb

Good catch. I thought that your approach of specifying a different authentication method was the way to solve it. If IOS did not like your original name then that would explain why it did not work for the original poster. I hope that this time he is more successful.

HTH

Rick

HTH

Rick