Solved

Can't configure console login, getting the message "AAA: Warning authentication list "cisco" is not defined for LOGIN"

Posted on 2009-04-12
11
6,274 Views
Last Modified: 2012-05-06
I want to configure the console login and password for a Cisco 3750 switch and I'm getting the message "AAA: Warning authentication list "cisco" is not defined for LOGIN", for example, if I want to use cisco as the login so that at the Username: I would enter cisco, but I'm getting the above message when I try to configure it. I want to be able to configure the username for console access to the switch?
0
Comment
Question by:dsterling
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
11 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24125464
Sounds like AAA has been configured. Do the following to do local authentication:


username cisco password <password>
line con 0
 login local

Open in new window

0
 

Author Comment

by:dsterling
ID: 24125515
It will not except login local, see results below

Switch(config)#username cisco password 12345
Switch(config)#line con 0
Switch(config-line)#login local
                                         ^
% Invalid input detected at '^' marker.

Switch(config-line)#

0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24125690
Please post the current config of the switch.
0
Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

 

Author Comment

by:dsterling
ID: 24125783
Here it is, all interfaces are the same and I took out the QOS statements and the crypto pki statements.

Switch#sh run
Building configuration...

Current configuration: 15855 bytes
!
version 12.2
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname Switch_01
!
boot-start-marker
boot-end-marker
!
logging buffered 10000
enable secret 5 <concealed>
enable password 7 <concealed>
!
username netadmin privilege 15 password 7 <concealed>
username netadmin1  privilege 15 password 7 <concealed>
username netadmin2  privilege 15 password 7 <concealed>
username netadmin3  privilege 15 password 7 <concealed>
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication login vty-in group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting send stop-record authentication failure
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 cmds1 start-stop group tacacs+
aaa accounting commands 15 cmds15 start-stop group tacacs+
aaa accounting network default stop-only group tacacs+
!
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDST recurring
switch 1 provision ws-c3750-48p
system mtu routing 1500
ip subnet-zero
ip domain-name <concealed>
ip name-server 192.168.2.25
!
!
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree vlan 1 priority 24576
!
vlan internal allocation policy ascending
!
!
class-map match-all AutoQoS-VoIP-RTP-Trust
 match ip dscp ef
class-map match-all AutoQoS-VoIP-Control-Trust
 match ip dscp cs3  af31
!
!
policy-map AutoQoS-Police-CiscoPhone
 class AutoQoS-VoIP-RTP-Trust
  set dscp ef
  police 320000 8000 exceed-action policed-dscp-transmit
 class AutoQoS-VoIP-Control-Trust
  set dscp cs3
  police 32000 8000 exceed-action policed-dscp-transmit
!
!
!
!
interface FastEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport voice vlan 10
 spanning-tree portfast

interface Vlan1
 ip address 192.168.110.2 255.255.255.0
!
interface Vlan10
 no ip address
!
ip classless
ip http server
ip http secure-server
!
ip tacacs source-interface Vlan1
!
logging trap debugging
logging <concealed>
logging <concealed>
access-list 1 permit <concealed>
access-list 1 permit <concealed>
access-list 1 permit <concealed>
access-list 1 permit <concealed>
access-list 1 permit <concealed>
access-list 1 permit <concealed>
!
snmp-server community <concealed>
snmp-server community <concealed>
snmp-server community <concealed>
snmp-server contact <concealed>
snmp-server enable traps snmp authentication linkdown linkup coldstart
snmp-server enable traps config
snmp-server host <concealed>
tacacs-server host <concealed>
tacacs-server host <concealed>
no tacacs-server directed-request
tacacs-server key  <concealed>
!
control-plane

line con 0
 password 7 <concealed>
 accounting commands 1 cmds1
 accounting commands 15 cmds15
 login authentication cisco
line vty 0 4
 exec-timeout 61 0
 password 7 <concealed>
 accounting commands 1 cmds1
 accounting commands 15 cmds15
 login authentication vty-in
 length 0
 transport input ssh
line vty 5 15
 password 7 <concealed>!
end
0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 100 total points
ID: 24126069
Try this:

line con 0 
 no password 7 <concealed>
 no accounting commands 1 cmds1
 no accounting commands 15 cmds15
 login local

Open in new window

0
 

Author Comment

by:dsterling
ID: 24126195
I took out the lines suggested so that there is nothing configured for line con 0, then I configure the username and password, then went in the line con 0 and still can't use the login local command (see below).

Switch(config-line)#login local
                               ^
% Invalid input detected at '^' marker.

Switch(config-line)#login ?
  authentication  Authentication parameters.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24126295
I've never run across that before.  It appears that the AAA configuration is preventing you from selecting local login.

Hopefully one of the security guys will have an idea.
0
 

Author Comment

by:dsterling
ID: 24126654
Appreciate all you help, I'll wait to see if anyone else responds, if not I'll resubmit the question and give you credit.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24126690
Problem now is that the question is a few days old with a few posts. Not many people look at questions like that.

I don't know how, but you can create a new question that points to this one. You might ask one of the moderators how.
0
 
LVL 7

Accepted Solution

by:
Ilir Mitrushi earned 400 total points
ID: 24128533
You have not defined authentication list cisco to which you are refering under line con.
let say you want to use local database to authenticate through console
1 - create user on local database
username cisco privilege 15 secret password
2- define login method
aaa authentication login cisco local - this is creating a authentication list named cisco which is going to use the local database
3- apply authentication method to console
line con 0
login authentication cisco
0
 

Author Closing Comment

by:dsterling
ID: 31569310
Worked great!
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Native Vlans, Tagged & untagged annnd Trunks 6 69
managing a small network 6 104
Unidentified Network 12 54
Mac address in Nexus7K fex port 5 11
I see many questions here on Experts Exchange regarding switch port configurations and trunks. This article is meant for beginners in the subject to help to get basic knowledge about Virtual Local Area Network (VLAN (http://en.wikipedia.org/wiki/Vir…
Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question