  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 7284

Can't configure console login, getting the message "AAA: Warning authentication list "cisco" is not defined for LOGIN"

I want to configure the console login and password for a Cisco 3750 switch, and I'm getting the message "AAA: Warning authentication list "cisco" is not defined for LOGIN". For example, I want to use cisco as the login, so that at the Username: prompt I would enter cisco, but I'm getting the above message when I try to configure it. I want to be able to configure the username for console access to the switch.
0
Asked: dsterling
2 Solutions
 
Don Johnston Commented:
Sounds like AAA has been configured. Do the following to do local authentication:


username cisco password <password>
line con 0
 login local

0
 
dsterling (Author) Commented:
It will not accept login local; see results below.

Switch(config)#username cisco password 12345
Switch(config)#line con 0
Switch(config-line)#login local
                                         ^
% Invalid input detected at '^' marker.

Switch(config-line)#

0
 
Don Johnston Commented:
Please post the current config of the switch.
0
 
dsterling (Author) Commented:
Here it is, all interfaces are the same and I took out the QOS statements and the crypto pki statements.

Switch#sh run
Building configuration...

Current configuration: 15855 bytes
!
version 12.2
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname Switch_01
!
boot-start-marker
boot-end-marker
!
logging buffered 10000
enable secret 5 <concealed>
enable password 7 <concealed>
!
username netadmin privilege 15 password 7 <concealed>
username netadmin1  privilege 15 password 7 <concealed>
username netadmin2  privilege 15 password 7 <concealed>
username netadmin3  privilege 15 password 7 <concealed>
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication login vty-in group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting send stop-record authentication failure
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 cmds1 start-stop group tacacs+
aaa accounting commands 15 cmds15 start-stop group tacacs+
aaa accounting network default stop-only group tacacs+
!
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDST recurring
switch 1 provision ws-c3750-48p
system mtu routing 1500
ip subnet-zero
ip domain-name <concealed>
ip name-server 192.168.2.25
!
!
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree vlan 1 priority 24576
!
vlan internal allocation policy ascending
!
!
class-map match-all AutoQoS-VoIP-RTP-Trust
 match ip dscp ef
class-map match-all AutoQoS-VoIP-Control-Trust
 match ip dscp cs3  af31
!
!
policy-map AutoQoS-Police-CiscoPhone
 class AutoQoS-VoIP-RTP-Trust
  set dscp ef
  police 320000 8000 exceed-action policed-dscp-transmit
 class AutoQoS-VoIP-Control-Trust
  set dscp cs3
  police 32000 8000 exceed-action policed-dscp-transmit
!
!
!
!
interface FastEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport voice vlan 10
 spanning-tree portfast

interface Vlan1
 ip address 192.168.110.2 255.255.255.0
!
interface Vlan10
 no ip address
!
ip classless
ip http server
ip http secure-server
!
ip tacacs source-interface Vlan1
!
logging trap debugging
logging <concealed>
logging <concealed>
access-list 1 permit <concealed>
access-list 1 permit <concealed>
access-list 1 permit <concealed>
access-list 1 permit <concealed>
access-list 1 permit <concealed>
access-list 1 permit <concealed>
!
snmp-server community <concealed>
snmp-server community <concealed>
snmp-server community <concealed>
snmp-server contact <concealed>
snmp-server enable traps snmp authentication linkdown linkup coldstart
snmp-server enable traps config
snmp-server host <concealed>
tacacs-server host <concealed>
tacacs-server host <concealed>
no tacacs-server directed-request
tacacs-server key  <concealed>
!
control-plane

line con 0
 password 7 <concealed>
 accounting commands 1 cmds1
 accounting commands 15 cmds15
 login authentication cisco
line vty 0 4
 exec-timeout 61 0
 password 7 <concealed>
 accounting commands 1 cmds1
 accounting commands 15 cmds15
 login authentication vty-in
 length 0
 transport input ssh
line vty 5 15
 password 7 <concealed>
!
end
0
 
Don Johnston Commented:
Try this:

line con 0 
 no password 7 <concealed>
 no accounting commands 1 cmds1
 no accounting commands 15 cmds15
 login local

0
 
dsterling (Author) Commented:
I took out the lines suggested so that there is nothing configured for line con 0, then I configured the username and password, then went into line con 0 and still can't use the login local command (see below).

Switch(config-line)#login local
                               ^
% Invalid input detected at '^' marker.

Switch(config-line)#login ?
  authentication  Authentication parameters.
0
 
Don Johnston Commented:
I've never run across that before.  It appears that the AAA configuration is preventing you from selecting local login.

Hopefully one of the security guys will have an idea.
0
 
dsterling (Author) Commented:
Appreciate all your help. I'll wait to see if anyone else responds; if not, I'll resubmit the question and give you credit.
0
 
Don Johnston Commented:
Problem now is that the question is a few days old with a few posts. Not many people look at questions like that.

I don't know how, but you can create a new question that points to this one. You might ask one of the moderators how.
0
 
Ilir Mitrushi, IT Infrastructure and Security Architect, Commented:
You have not defined the authentication list cisco, which you are referring to under line con.
Let's say you want to use the local database to authenticate through the console:

1 - Create a user in the local database

username cisco privilege 15 secret password

2 - Define the login method

aaa authentication login cisco local

(This creates an authentication list named cisco which is going to use the local database.)

3 - Apply the authentication method to the console

line con 0
 login authentication cisco
0
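
The root cause named in the answer above, a line that references a login method list which no `aaa authentication login` statement defines, can be checked for offline against a saved running-config. The following is an added example, not part of the original thread; the function name `audit_login_lists` and the trimmed sample configuration are constructed for illustration.

```python
import re

# Constructed sample: trimmed from the configuration posted in the thread.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login vty-in group tacacs+ local
!
line con 0
 login authentication cisco
line vty 0 4
 login authentication vty-in
line vty 5 15
!
"""

LIST_DEF = re.compile(r"^aaa authentication login (\S+)\s+(.+)$")
LINE_HDR = re.compile(r"^line (.+)$")
LINE_REF = re.compile(r"^\s+login authentication (\S+)\s*$")


def audit_login_lists(config_text):
    """Return (defined, findings); findings are (line, list) pairs with no definition."""
    defined = {}        # method list name -> ordered authentication methods
    refs = []           # (line name, referenced list name)
    current_line = None
    for raw in config_text.splitlines():
        text = raw.rstrip()
        m = LIST_DEF.match(text)
        if m:
            defined[m.group(1)] = m.group(2).split()
            continue
        m = LINE_HDR.match(text)
        if m:
            current_line = m.group(1)
            continue
        if text and not text.startswith(" "):
            current_line = None  # any other top-level command ends the line block
        m = LINE_REF.match(text)
        if m and current_line:
            refs.append((current_line, m.group(1)))
    findings = [(ln, name) for ln, name in refs if name not in defined]
    return defined, findings


if __name__ == "__main__":
    for line_name, list_name in audit_login_lists(SAMPLE_CONFIG)[1]:
        print(f"line {line_name}: login list '{list_name}' is not defined")
```

Run against the sample, it reports `line con 0` referencing the undefined list `cisco`; once `aaa authentication login cisco local` is present, the finding disappears.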
 
dsterling (Author) Commented:
Worked great!
0