hadtech
asked on
Setting the Console Password on a Cisco Router
Can anyone explain when I set the console password as described below and then then the login command I get the result below i.e. '%Incomplete command.' ???
Router(config)#line console 0
Router(config-line)#passwo rd cisco
Router(config-line)#login
% Incomplete command.
Router(config-line)#login ?
authentication Authentication parameters.
ctrlc-disable Disable CONTROL-C during login.
Router(config)#line console 0
Router(config-line)#passwo
Router(config-line)#login
% Incomplete command.
Router(config-line)#login ?
authentication Authentication parameters.
ctrlc-disable Disable CONTROL-C during login.
ASKER
I'm trying to require a password to be entered (i.e. cisco) when getting into the router and before even getting to the 'user exec mode' prompt.
It would seem that after I set the password 'cisco' and then run the command 'login' in order for the password to be required when getting into the router I shouldn't get the error '% Incomplete command.' and that's why when I currently console in to the router I go immediately to the 'user exec mode' prompt i.e. in my case:
r2
Router(config)#line console 0
Router(config-line)#passwo rd cisco
Router(config-line)#login
% Incomplete command.
It would seem that after I set the password 'cisco' and then run the command 'login' in order for the password to be required when getting into the router I shouldn't get the error '% Incomplete command.' and that's why when I currently console in to the router I go immediately to the 'user exec mode' prompt i.e. in my case:
r2
Router(config)#line console 0
Router(config-line)#passwo
Router(config-line)#login
% Incomplete command.
Right - but have you these lines in your config? Are you using AAA by any chance? Or local users on the device itself to authenticate/login?
conf t
aaa new-model
aaa authentication login default local
aaa authorization exec default local
Those 3 commands basically mean use 'local' logins on the router for auth...have you either of those in your running config?
What version IOS are you running on this? 12? 15?
conf t
aaa new-model
aaa authentication login default local
aaa authorization exec default local
Those 3 commands basically mean use 'local' logins on the router for auth...have you either of those in your running config?
What version IOS are you running on this? 12? 15?
ASKER
Yes. I have:
aaa new-model
aaa session-id common
IOS version is 12.4
aaa new-model
aaa session-id common
IOS version is 12.4
What about
aaa authentication login default local
aaa authorization exec default local
Without those local logins will not work...
aaa authentication login default local
aaa authorization exec default local
Without those local logins will not work...
ASKER
Ran the 'sho run' command once again and both :
aaa authentication login default local
aaa authorization exec default local
are not there...
There is a 'no logging console' line item there though
aaa authentication login default local
aaa authorization exec default local
are not there...
There is a 'no logging console' line item there though
ASKER
FYI. I am directly connected to the router with the console cable...
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
Added the lines:
aaa authentication login default local
aaa authorization exec default local
as described....
Using HyperTerminal (directly connected via Console) now requires the appropriate username and password combo to even get into user mode.
And both lines are in my running configuration...
Thanks for the help. This solved the problem...
aaa authentication login default local
aaa authorization exec default local
as described....
Using HyperTerminal (directly connected via Console) now requires the appropriate username and password combo to even get into user mode.
And both lines are in my running configuration...
Thanks for the help. This solved the problem...
Good stuff...cheers...
Are you saying that you CAN'T login to the console with just the password line? Have you a local user account on the router?