Solved

Can't configure console login, getting the message "AAA: Warning authentication list "cisco" is not defined for LOGIN"

Posted on 2009-04-12
Last Modified: 2012-05-06
I want to configure the console login and password for a Cisco 3750 switch and I'm getting the message "AAA: Warning authentication list "cisco" is not defined for LOGIN". For example, I want to use cisco as the login so that at the Username: I would enter cisco, but I'm getting the above message when I try to configure it. I want to be able to configure the username for console access to the switch.
Question by:dsterling

Expert Comment

by:Don Johnston
ID: 24125464
Sounds like AAA has been configured. Do the following to do local authentication:


username cisco password <password>
line con 0
 login local
 

Author Comment

by:dsterling
ID: 24125515
It will not accept login local; see results below.

Switch(config)#username cisco password 12345
Switch(config)#line con 0
Switch(config-line)#login local
                                         ^
% Invalid input detected at '^' marker.

Switch(config-line)#


Expert Comment

by:Don Johnston
ID: 24125690
Please post the current config of the switch.

Author Comment

by:dsterling
ID: 24125783
Here it is, all interfaces are the same and I took out the QOS statements and the crypto pki statements.

Switch#sh run
Building configuration...

Current configuration: 15855 bytes
!
version 12.2
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname Switch_01
!
boot-start-marker
boot-end-marker
!
logging buffered 10000
enable secret 5 <concealed>
enable password 7 <concealed>
!
username netadmin privilege 15 password 7 <concealed>
username netadmin1  privilege 15 password 7 <concealed>
username netadmin2  privilege 15 password 7 <concealed>
username netadmin3  privilege 15 password 7 <concealed>
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication login vty-in group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting send stop-record authentication failure
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 cmds1 start-stop group tacacs+
aaa accounting commands 15 cmds15 start-stop group tacacs+
aaa accounting network default stop-only group tacacs+
!
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDST recurring
switch 1 provision ws-c3750-48p
system mtu routing 1500
ip subnet-zero
ip domain-name <concealed>
ip name-server 192.168.2.25
!
!
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree vlan 1 priority 24576
!
vlan internal allocation policy ascending
!
!
class-map match-all AutoQoS-VoIP-RTP-Trust
 match ip dscp ef
class-map match-all AutoQoS-VoIP-Control-Trust
 match ip dscp cs3  af31
!
!
policy-map AutoQoS-Police-CiscoPhone
 class AutoQoS-VoIP-RTP-Trust
  set dscp ef
  police 320000 8000 exceed-action policed-dscp-transmit
 class AutoQoS-VoIP-Control-Trust
  set dscp cs3
  police 32000 8000 exceed-action policed-dscp-transmit
!
!
!
!
interface FastEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport voice vlan 10
 spanning-tree portfast

interface Vlan1
 ip address 192.168.110.2 255.255.255.0
!
interface Vlan10
 no ip address
!
ip classless
ip http server
ip http secure-server
!
ip tacacs source-interface Vlan1
!
logging trap debugging
logging <concealed>
logging <concealed>
access-list 1 permit <concealed>
access-list 1 permit <concealed>
access-list 1 permit <concealed>
access-list 1 permit <concealed>
access-list 1 permit <concealed>
access-list 1 permit <concealed>
!
snmp-server community <concealed>
snmp-server community <concealed>
snmp-server community <concealed>
snmp-server contact <concealed>
snmp-server enable traps snmp authentication linkdown linkup coldstart
snmp-server enable traps config
snmp-server host <concealed>
tacacs-server host <concealed>
tacacs-server host <concealed>
no tacacs-server directed-request
tacacs-server key  <concealed>
!
control-plane

line con 0
 password 7 <concealed>
 accounting commands 1 cmds1
 accounting commands 15 cmds15
 login authentication cisco
line vty 0 4
 exec-timeout 61 0
 password 7 <concealed>
 accounting commands 1 cmds1
 accounting commands 15 cmds15
 login authentication vty-in
 length 0
 transport input ssh
line vty 5 15
 password 7 <concealed>!
end

Assisted Solution

by:Don Johnston
Don Johnston earned 100 total points
ID: 24126069
Try this:

line con 0
 no password 7 <concealed>
 no accounting commands 1 cmds1
 no accounting commands 15 cmds15
 login local

 

Author Comment

by:dsterling
ID: 24126195
I took out the lines suggested so that there is nothing configured for line con 0, then I configured the username and password, then went into line con 0 and still can't use the login local command (see below).

Switch(config-line)#login local
                               ^
% Invalid input detected at '^' marker.

Switch(config-line)#login ?
  authentication  Authentication parameters.

Expert Comment

by:Don Johnston
ID: 24126295
I've never run across that before.  It appears that the AAA configuration is preventing you from selecting local login.

Hopefully one of the security guys will have an idea.

Author Comment

by:dsterling
ID: 24126654
Appreciate all your help. I'll wait to see if anyone else responds; if not, I'll resubmit the question and give you credit.

Expert Comment

by:Don Johnston
ID: 24126690
Problem now is that the question is a few days old with a few posts. Not many people look at questions like that.

I don't know how, but you can create a new question that points to this one. You might ask one of the moderators how.

Accepted Solution

by:
mitrushi earned 400 total points
ID: 24128533
You have not defined the authentication list cisco to which you are referring under line con.
Let's say you want to use the local database to authenticate through the console:

1 - Create a user in the local database
username cisco privilege 15 secret password

2 - Define the login method
aaa authentication login cisco local
This creates an authentication list named cisco which is going to use the local database.

3 - Apply the authentication method to the console
line con 0
 login authentication cisco

Author Closing Comment

by:dsterling
ID: 31569310
Worked great!
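
A check for the mismatch described in the accepted answer, as an added example that is not part of the original thread: it scans a running-config for a "login authentication <name>" under a line block that has no matching "aaa authentication login <name>" definition. The sample config is constructed from the AAA and line sections posted above, and the function name is hypothetical.

```python
import re

# Constructed sample, modelled on the AAA and line sections of the config posted above.
SAMPLE = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login vty-in group tacacs+ local
!
line con 0
 login authentication cisco
line vty 0 4
 login authentication vty-in
 transport input ssh
"""

# The same config after step 2 of the accepted answer is applied.
FIXED = SAMPLE.replace("!\n", "aaa authentication login cisco local\n!\n", 1)


def undefined_login_lists(config):
    """Return (line block, list name) pairs that reference an undefined login list."""
    defined = {"default"}   # assumption: the built-in default list needs no definition
    references = []
    block = None            # the "line ..." block currently being read
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):
            # Top-level command: it may define a list, open a line block, or end one.
            m = re.match(r"aaa authentication login (\S+) ", text)
            if m:
                defined.add(m.group(1))
            block = text if re.match(r"line (con|vty|aux)\b", text) else None
            continue
        m = re.match(r"login authentication (\S+)$", text)
        if m and block:
            references.append((block, m.group(1)))
    # Compare after the full pass so definition order in the file does not matter.
    return [(blk, name) for blk, name in references if name not in defined]


if __name__ == "__main__":
    for blk, name in undefined_login_lists(SAMPLE):
        print(f'{blk}: login list "{name}" is not defined')
    print("after fix:", undefined_login_lists(FIXED))
```

Run against a saved "show running-config", an empty result means every line block points at a method list that exists.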