Solved

Can't configure console login, getting the message "AAA: Warning authentication list "cisco" is not defined for LOGIN"

Posted on 2009-04-12
Last Modified: 2012-05-06
I want to configure the console login and password for a Cisco 3750 switch and I'm getting the message "AAA: Warning authentication list "cisco" is not defined for LOGIN". For example, I want to use cisco as the login, so that at the Username: prompt I would enter cisco, but I'm getting the above message when I try to configure it. I want to be able to configure the username for console access to the switch.
Question by:dsterling
11 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24125464
Sounds like AAA has been configured. Do the following to do local authentication:


username cisco password <password>
line con 0
 login local


0
 

Author Comment

by:dsterling
ID: 24125515
It will not accept login local; see results below.

Switch(config)#username cisco password 12345
Switch(config)#line con 0
Switch(config-line)#login local
                                         ^
% Invalid input detected at '^' marker.

Switch(config-line)#

0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24125690
Please post the current config of the switch.
0
 

Author Comment

by:dsterling
ID: 24125783
Here it is, all interfaces are the same and I took out the QOS statements and the crypto pki statements.

Switch#sh run
Building configuration...

Current configuration: 15855 bytes
!
version 12.2
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname Switch_01
!
boot-start-marker
boot-end-marker
!
logging buffered 10000
enable secret 5 <concealed>
enable password 7 <concealed>
!
username netadmin privilege 15 password 7 <concealed>
username netadmin1  privilege 15 password 7 <concealed>
username netadmin2  privilege 15 password 7 <concealed>
username netadmin3  privilege 15 password 7 <concealed>
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication login vty-in group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting send stop-record authentication failure
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 cmds1 start-stop group tacacs+
aaa accounting commands 15 cmds15 start-stop group tacacs+
aaa accounting network default stop-only group tacacs+
!
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDST recurring
switch 1 provision ws-c3750-48p
system mtu routing 1500
ip subnet-zero
ip domain-name <concealed>
ip name-server 192.168.2.25
!
!
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree vlan 1 priority 24576
!
vlan internal allocation policy ascending
!
!
class-map match-all AutoQoS-VoIP-RTP-Trust
 match ip dscp ef
class-map match-all AutoQoS-VoIP-Control-Trust
 match ip dscp cs3  af31
!
!
policy-map AutoQoS-Police-CiscoPhone
 class AutoQoS-VoIP-RTP-Trust
  set dscp ef
  police 320000 8000 exceed-action policed-dscp-transmit
 class AutoQoS-VoIP-Control-Trust
  set dscp cs3
  police 32000 8000 exceed-action policed-dscp-transmit
!
!
!
!
interface FastEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport voice vlan 10
 spanning-tree portfast

interface Vlan1
 ip address 192.168.110.2 255.255.255.0
!
interface Vlan10
 no ip address
!
ip classless
ip http server
ip http secure-server
!
ip tacacs source-interface Vlan1
!
logging trap debugging
logging <concealed>
logging <concealed>
access-list 1 permit <concealed>
access-list 1 permit <concealed>
access-list 1 permit <concealed>
access-list 1 permit <concealed>
access-list 1 permit <concealed>
access-list 1 permit <concealed>
!
snmp-server community <concealed>
snmp-server community <concealed>
snmp-server community <concealed>
snmp-server contact <concealed>
snmp-server enable traps snmp authentication linkdown linkup coldstart
snmp-server enable traps config
snmp-server host <concealed>
tacacs-server host <concealed>
tacacs-server host <concealed>
no tacacs-server directed-request
tacacs-server key  <concealed>
!
control-plane

line con 0
 password 7 <concealed>
 accounting commands 1 cmds1
 accounting commands 15 cmds15
 login authentication cisco
line vty 0 4
 exec-timeout 61 0
 password 7 <concealed>
 accounting commands 1 cmds1
 accounting commands 15 cmds15
 login authentication vty-in
 length 0
 transport input ssh
line vty 5 15
 password 7 <concealed>
!
end
0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 100 total points
ID: 24126069
Try this:

line con 0
 no password 7 <concealed>
 no accounting commands 1 cmds1
 no accounting commands 15 cmds15
 login local


0

 

Author Comment

by:dsterling
ID: 24126195
I took out the lines suggested so that there is nothing configured for line con 0, then I configured the username and password, then went into line con 0 and still can't use the login local command (see below).

Switch(config-line)#login local
                               ^
% Invalid input detected at '^' marker.

Switch(config-line)#login ?
  authentication  Authentication parameters.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24126295
I've never run across that before.  It appears that the AAA configuration is preventing you from selecting local login.

Hopefully one of the security guys will have an idea.
0
 

Author Comment

by:dsterling
ID: 24126654
Appreciate all your help. I'll wait to see if anyone else responds; if not, I'll resubmit the question and give you credit.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24126690
Problem now is that the question is a few days old with a few posts. Not many people look at questions like that.

I don't know how, but you can create a new question that points to this one. You might ask one of the moderators how.
0
 
LVL 7

Accepted Solution

by:mitrushi
mitrushi earned 400 total points
ID: 24128533
You have not defined the authentication list cisco to which you are referring under line con.
Let's say you want to use the local database to authenticate through the console:
1 - Create a user in the local database
username cisco privilege 15 secret password
2 - Define the login method
aaa authentication login cisco local - this creates an authentication list named cisco which is going to use the local database
3 - Apply the authentication method to the console
line con 0
login authentication cisco
0
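Added example (not part of the original thread): a Python check for the condition behind the warning, a line stanza that references an AAA method list with no matching global definition. It goes slightly beyond the thread by also checking `accounting commands` lists; the sample config is constructed from the running-config posted above, and the function name is hypothetical.

```python
import re

# Constructed sample, modelled on the running-config posted in this thread.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login vty-in group tacacs+ local
aaa accounting commands 1 cmds1 start-stop group tacacs+
aaa accounting commands 15 cmds15 start-stop group tacacs+
!
line con 0
 accounting commands 1 cmds1
 login authentication cisco
line vty 0 4
 accounting commands 15 cmds15
 login authentication vty-in
 transport input ssh
line vty 5 15
 password 7 <concealed>
!
end
"""

# Global definitions: "aaa authentication login <list> ..." and
# "aaa accounting commands <level> <list> ...".
DEFINE = re.compile(r"^aaa (?:authentication (login)|accounting (commands \d+)) (\S+)")
# References inside a line stanza: "login authentication <list>" and
# "accounting commands <level> <list>".
APPLY = re.compile(r"^\s+(?:(login) authentication|accounting (commands \d+)) (\S+)")

def undefined_method_lists(config):  # hypothetical helper name
    """Return (stanza, kind, list_name) for every line-level reference to a
    method list that has no matching global definition."""
    defined, refs, stanza = set(), [], None
    for raw in config.splitlines():
        if not raw.startswith(" "):          # top-level command ends any stanza
            stanza = raw.strip() if raw.startswith("line ") else None
            m = DEFINE.match(raw)
            if m:
                defined.add((m.group(1) or m.group(2), m.group(3)))
        elif stanza:
            m = APPLY.match(raw)
            if m:
                refs.append((stanza, m.group(1) or m.group(2), m.group(3)))
    return [r for r in refs if (r[1], r[2]) not in defined]

if __name__ == "__main__":
    for stanza, kind, name in undefined_method_lists(SAMPLE_CONFIG):
        print(f"{stanza}: {kind} list '{name}' is referenced but not defined")
```

Run against a saved `show running-config`, an empty result means every named list applied to a line has a definition; adding `aaa authentication login cisco local` to the sample clears the finding.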
 

Author Closing Comment

by:dsterling
ID: 31569310
Worked great!
0
