Solved

aaa authentication console problem

Posted on 2011-02-25
Last Modified: 2012-05-11
I have configured AAA on Cisco switches and routers, and the AAA server is the open-source FreeRADIUS. When I SSH to the switch, I am able to log in to the device using RADIUS authentication; it's working fine. But when I try to access the switch using the console, it asks for the username and password and I am able to log in to user mode. After that it asks for the enable password, but I am not able to log in using the local password or the RADIUS password.

Below is the configuration of the switch for AAA authentication:

username cisco secret 5 $1$tiM.$fk18bg8A/hfumyfe6j9lS2
aaa new-model
aaa group server radius radiuss
 server x.x.x.x auth-port 1812 acct-port 1813
aaa authentication login default group radiuss local
aaa authentication login CONSOLE local
aaa authentication enable default group radius
aaa authorization exec default group radius if-authenticated
aaa session-id common

radius-server host x.x.x.x auth-port 1812 acct-port 1813 key 7 01030F145726575B701A1758

line con 0
 exec-timeout 5 0
 password 7 0822455D0A16
 login authentication CONSOLE

Question by:oppofwar
4 Comments
 
LVL 25

Expert Comment

by:Ken Boone
ID: 34979050
Do this:

line con 0
privilege level 15

This will let the authentication go straight to the # prompt.
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 34980683
aaa authentication login CONSOLE local enable
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 34984685
The privilege level 15 suggestion above will put you into enable mode as soon as you log in. The 2nd suggestion will allow you to use the enable password for login if the local password fails. Neither sounds like what you're asking for.

It sounds like what you want is to be able to use the line password on the console. To do this, change
aaa authentication login CONSOLE local

to
aaa authentication login CONSOLE line

If you want to be able to use RADIUS, but use the line password if RADIUS isn't available, then change it to this:
aaa authentication login CONSOLE group radiuss line
0
 
LVL 28

Accepted Solution

by:
mikebernhardt earned 2000 total points
ID: 34984707
By the way, what will happen with
aaa authentication login CONSOLE group radiuss line

If RADIUS isn't available, you will first be asked for user name and password. If Radius fails, it will time out and ask you for password without a user name. At this point you enter the line password.

"local" means the user name and password you configured ("cisco" and the secret password)
"line" means the password you configured on the line itself.
0
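
An added example, not part of the thread or any poster's code: a small Python audit that reads an IOS configuration, resolves which login method list each line uses, and reports any method list made up only of server groups. The function names, the placeholder secret and the added vty stanza are this example's assumptions; it also assumes a line with no "login authentication" command uses the "default" list.

```python
import re

# Constructed sample: the question's AAA lines with secrets replaced by a
# placeholder, plus a vty stanza added here to show a line on the default list.
SAMPLE_CONFIG = """\
aaa new-model
aaa group server radius radiuss
 server x.x.x.x auth-port 1812 acct-port 1813
aaa authentication login default group radiuss local
aaa authentication login CONSOLE local
aaa authentication enable default group radius
line con 0
 password 7 PLACEHOLDER
 login authentication CONSOLE
line vty 0 4
"""

def method_lists(config):
    """Return {(kind, list_name): [methods]}; 'group X' counts as one method."""
    lists = {}
    for kind, name, rest in re.findall(
            r"^aaa authentication (login|enable) (\S+) (.+)$", config, re.M):
        lists[(kind, name)] = re.findall(r"group \S+|\S+", rest)
    return lists

def login_list_per_line(config):
    """Map each 'line ...' stanza to the name of its login method list."""
    result, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            result[current] = "default"   # used when no list is named on the line
        elif not raw.startswith(" "):
            current = None                # left the line stanza
        elif current and (m := re.match(r"\s+login authentication (\S+)", raw)):
            result[current] = m.group(1)
    return result

def audit(config):
    """Resolve the methods each line tries; flag lists with no on-box fallback."""
    lists = method_lists(config)
    per_line = {line: lists.get(("login", name), [])
                for line, name in login_list_per_line(config).items()}
    # A list made only of server groups has nothing to fall back to on the device.
    server_only = sorted(f"{kind} {name}" for (kind, name), methods in lists.items()
                         if methods and all(m.startswith("group ") for m in methods))
    return per_line, server_only

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

For the question's configuration it reports that the console tries only the local user database and that the enable list depends on RADIUS alone.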


Question has a verified solution.
