Solved

aaa authentication console problem

Posted on 2011-02-25
Last Modified: 2012-05-11
I have configured AAA on Cisco switches & routers, and the AAA server is open source FreeRADIUS. When I try to SSH to the switch I am able to log in to the device using RADIUS authentication. It's working fine, but when I try to access the switch using the console it asks for the username & password and I am able to log in to user mode; after that it asks for the enable password, but I am not able to log in using the local password or the RADIUS password.

Below is the configuration of the switch for AAA authentication:

username cisco secret 5 $1$tiM.$fk18bg8A/hfumyfe6j9lS2
aaa new-model
aaa group server radius radiuss
 server x.x.x.x auth-port 1812 acct-port 1813
aaa authentication login default group radiuss local
aaa authentication login CONSOLE local
aaa authentication enable default group radius
aaa authorization exec default group radius if-authenticated
aaa session-id common

radius-server host x.x.x.x auth-port 1812 acct-port 1813 key 7 01030F145726575B701A1758

line con 0
 exec-timeout 5 0
 password 7 0822455D0A16
 login authentication CONSOLE

Question by:oppofwar
4 Comments
 
LVL 25

Expert Comment

by:Ken Boone
ID: 34979050
Do this:

line con 0
privilege level 15

This will let the authentication go straight to the # prompt.
LVL 29

Expert Comment

by:Jan Springer
ID: 34980683
aaa authentication login CONSOLE local enable
LVL 28

Expert Comment

by:mikebernhardt
ID: 34984685
The privilege level 15 suggestion above will put you into enable mode as soon as you log in. The 2nd suggestion will allow you to use the enable password for login if the local password fails. Neither sounds like what you're asking for.

It sounds like what you want is to be able to use the line password on the console. To do this, change
aaa authentication login CONSOLE local

to
aaa authentication login CONSOLE line

If you want to be able to use RADIUS, but use the line password if RADIUS isn't available, then change it to this:
aaa authentication login CONSOLE group radiuss line
LVL 28

Accepted Solution

by:
mikebernhardt earned 500 total points
ID: 34984707
By the way, what will happen with
aaa authentication login CONSOLE group radiuss line

If RADIUS isn't available, you will first be asked for user name and password. If Radius fails, it will time out and ask you for password without a user name. At this point you enter the line password.

"local" means the user name and password you configured ("cisco" and the secret password)
"line" means the password you configured on the line itself.
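
How the method lists discussed in this thread resolve for each line, as an added Python example that is not part of the original posts. The `line vty 0 4` entry in the sample config and the function names are assumptions made for illustration.

```python
# Constructed sample built from the AAA lines in the question; "line vty 0 4" is assumed.
CONFIG = """\
aaa new-model
aaa group server radius radiuss
 server x.x.x.x auth-port 1812 acct-port 1813
aaa authentication login default group radiuss local
aaa authentication login CONSOLE local
aaa authentication enable default group radius
line con 0
 login authentication CONSOLE
line vty 0 4
"""

def fold(tokens):
    """Join 'group <name>' into a single method entry, keeping list order."""
    out, it = [], iter(tokens)
    for tok in it:
        out.append(f"group {next(it, '?')}" if tok == "group" else tok)
    return out

def without_radius(methods):
    """First method that does not depend on a server group, or None if there is none."""
    return next((m for m in methods if not m.startswith("group ")), None)

def audit(config):
    """Return, per line, the ordered login methods and the shared enable methods."""
    login, enable, lines, current = {}, [], {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if raw[0].isspace():  # sub-command of the block opened above
            if current and words[:2] == ["login", "authentication"]:
                lines[current] = words[2]
            continue
        current = None  # any top-level command closes the line block
        if words[:3] == ["aaa", "authentication", "login"]:
            login[words[3]] = fold(words[4:])
        elif words[:4] == ["aaa", "authentication", "enable", "default"]:
            enable = fold(words[4:])
        elif words[0] == "line":
            current = " ".join(words[1:])
            lines[current] = "default"  # used unless the line names another list
    return {ln: {"login": login.get(name, []), "enable": enable}
            for ln, name in lines.items()}

if __name__ == "__main__":
    for ln, r in audit(CONFIG).items():
        print(ln, r, "enable without RADIUS:", without_radius(r["enable"]))
```

On the question's config the console resolves to `local` only, and the enable list contains no method that works without the RADIUS server.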