
aaa authentication console problem

Posted on 2011-02-25
Last Modified: 2012-05-11
I have configured AAA on Cisco switches & routers, and the AAA server is open-source FreeRADIUS. When I try to SSH to the switch, I am able to log in to the device using RADIUS authentication. It's working fine, but when I try to access the switch using the console, it asks for the username & password and I am able to log in to user mode. After that it asks for the enable password, but I am not able to log in using the local password or the RADIUS password.



Below is the configuration of the switch for AAA authentication:

username cisco secret 5 $1$tiM.$fk18bg8A/hfumyfe6j9lS2
aaa new-model
aaa group server radius radiuss
 server x.x.x.x auth-port 1812 acct-port 1813
aaa authentication login default group radiuss local
aaa authentication login CONSOLE local
aaa authentication enable default group radius
aaa authorization exec default group radius if-authenticated
aaa session-id common

radius-server host x.x.x.x auth-port 1812 acct-port 1813 key 7 01030F145726575B701A1758

line con 0
 exec-timeout 5 0
 password 7 0822455D0A16
 login authentication CONSOLE

Question by:oppofwar

Expert Comment

by:Ken Boone
ID: 34979050
Do this:

line con 0
privilege level 15

This will let the authentication go straight to the # prompt.

Expert Comment

by:Jan Springer
ID: 34980683
aaa authentication login CONSOLE local enable

Expert Comment

by:mikebernhardt
ID: 34984685
The privilege level 15 suggestion above will put you into enable mode as soon as you log in. The 2nd suggestion will allow you to use the enable password for login if the local password fails. Neither sounds like what you're asking for.

It sounds like what you want is to be able to use the line password on the console. To do this, change
aaa authentication login CONSOLE local

to
aaa authentication login CONSOLE line

If you want to be able to use RADIUS, but use the line password if RADIUS isn't available, then change it to this:
aaa authentication login CONSOLE group radiuss line

Accepted Solution

by:
mikebernhardt earned 500 total points
ID: 34984707
By the way, what will happen with
aaa authentication login CONSOLE group radiuss line

If RADIUS isn't available, you will first be asked for user name and password. If Radius fails, it will time out and ask you for password without a user name. At this point you enter the line password.

"local" means the user name and password you configured ("cisco" and the secret password)
"line" means the password you configured on the line itself.
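The method-list behaviour discussed in this thread, as an added example that is not part of any post: a small Python audit that reads the AAA lines of an IOS-style config, reports what each line's login list will check the typed credential against, and lists the method lists that consist only of server groups. The function names, the `PROMPTS` table and the sample config (constructed, modelled on the question, with a documentation-range address and a placeholder secret) are assumptions.

```python
import re

# Constructed sample modelled on the question's config; secrets are placeholders.
SAMPLE = """\
aaa new-model
aaa group server radius radiuss
 server 192.0.2.10 auth-port 1812 acct-port 1813
aaa authentication login default group radiuss local
aaa authentication login CONSOLE local
aaa authentication enable default group radius
line con 0
 password 7 <placeholder>
 login authentication CONSOLE
line vty 0 4
"""

# What each non-server method checks the typed credential against.
PROMPTS = {"local": "username + password from the local user database",
           "line": "password configured on the line itself (no username)",
           "enable": "the enable password",
           "none": "nothing (access granted without authentication)"}

def parse_aaa(config):
    """Return (method_lists, line_bindings) from IOS-style config text."""
    lists, lines, current = {}, {}, None
    for raw in config.splitlines():
        m = re.match(r"aaa authentication (login|enable) (\S+) (.+)", raw)
        if m:
            # Fold "group NAME" into a single method token, keep order.
            lists[(m[1], m[2])] = re.findall(r"group \S+|\S+", m[3])
        elif raw.startswith("line "):
            current = raw.strip()
            lines[current] = "default"      # lines use list "default" unless bound
        elif current and raw.startswith(" "):
            b = re.match(r"\s+login authentication (\S+)", raw)
            if b:
                lines[current] = b[1]
        else:
            current = None
    return lists, lines

def audit(config):
    """Describe each line's login methods and flag server-only lists."""
    lists, lines = parse_aaa(config)
    report = {ln: [PROMPTS.get(m, "server " + m) for m in lists.get(("login", name), [])]
              for ln, name in lines.items()}
    no_fallback = sorted(k for k, ms in lists.items()
                         if all(m.startswith("group ") for m in ms))
    return report, no_fallback
```

On the sample, `audit(SAMPLE)` resolves the console to the local user database and returns the enable list as the only server-only list. Changing the CONSOLE list to `group radiuss line` yields the RADIUS-then-line-password order described in the accepted answer.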
