Cisco 2950 prompting for username and password

Hello,

What am I missing so when the switch reboots/reloads it prompts me not only for the password but also a username.

en
!
config t
en password Pa55word
!
line con 0
password Pa55word
login
!
line vty 0 4
password Pa550rd
login
!
hostname SWITCH0001
ip domain-name domain.local
ntp server 192.168.217.10
!
!
vlan 128
name Office
int vlan128
ip address 192.168.128.254 255.255.255.0
shut
!
vlan 217
name GEM
int vlan217
ip address 192.168.217.254 255.255.255.0
shut
!
vlan 999
name Admin
int vlan999
ip address 192.168.255.251 255.255.255.248
no shut
!
int fa0/47
description GEMCON0000-1
switch access vlan 999
switchport mode access
switchport port-security max 4
switchport port-security mac-address sticky
switchport port-security violation shutdown
!
crypto key generate rsa
2048
username gemin priv 15 secret Pa550rd
aaa new-model
transport input ssh
!
service password-encryption
!
exit

Open in new window


Please advise.

Have a great day,

Don
GEMCCAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

GEMCCAuthor Commented:
This appears to be about password failures/issues and not how to configure the switch to prompt for a username during reboot/reload.

Please advise.
Don JohnstonInstructorCommented:
You need to specify "login local" on the con0 or vty lines.
SolarWinds® VoIP and Network Quality Manager(VNQM)

WAN and VoIP monitoring tools that can help with troubleshooting via an intuitive web interface. Review quality of service data, including jitter, latency, packet loss, and MOS. Troubleshoot call performance and correlate call issues with WAN performance for Cisco and Avaya calls

GEMCCAuthor Commented:
So where would I input the username(s) in the config?
JustInCaseCommented:
As already Don said:
line con 0
login local
!
line vty 0 4
login local

global configuration mode
username gemin priv 15 secret Pa550rd
(as you already had in your previous post configuration)
:)
GEMCCAuthor Commented:
I do not know what I have done wrong now:

en
!
config t
username gemin password Pa55w0rd
en secret Pa55w0rd
!
line con 0
password Pa55w0rd
login local
!
line vty 0 4
password Pa55w0rd
login local
!
hostname SWITCH0001
ip domain-name domain.local
ntp server 192.168.217.10
!
crypto key generate rsa
2048
username gemin priv 15 password Pa55w0rd
aaa new-model
!
line vty 0 4
transport input ssh
!
service password-encryption
!

Open in new window


Now when I reload/reboot the switch, it immediately goes to SWITCH0001> prompt and does not prompt for a username or password unless I enter "en"

Is it because I have the "username gemin password Pa55w0rd"  under conf t and "username gemin priv 15 password Pa55w0rd" during the SSH setup?

Sorry, what did I do wrong?

Thanks for your help.
JustInCaseCommented:
Is that GNS3 (or some other simulator) or switch/router?

I have never seen (so far) on any switch/router
that would separate

line vty 0 4
password Pa55w0rd
login local

!
hostname SWITCH0001
ip domain-name domain.local
ntp server 192.168.217.10
!
crypto key generate rsa
2048
username gemin priv 15 password Pa55w0rd
aaa new-model
!
line vty 0 4
transport input ssh


into 2 two sets of commands
Don JohnstonInstructorCommented:
Now when I reload/reboot the switch, it immediately goes to SWITCH0001> prompt and does not prompt for a username or password unless I enter "en"

What do you mean by "immediately goes to"?  Is this a console connection?  Are you getting the "Press Enter to get started" prompt?

Please post the full config (less passwords) and the terminal session output when connect.
GEMCCAuthor Commented:
I separate the vty line because I get an error due to the SSH setup.  I tried putting vty after SSH, but got an error then too.

No, I do not get the "Press Enter to get started" prompt,

If someone wants to rewrite the config, please do.

Thanks for your help in advance.

Don
Don JohnstonInstructorCommented:
Once again, please post the complete current config.
GEMCCAuthor Commented:
Sorry, I did not see you request the complete config.  Here it is:

en
!
config t
username gemin password Pa55w0rd
en secret Pa55w0rd
!
line con 0
password Pa55w0rd
login local
!
line vty 0 4
password Pa55w0rd
login local
!
hostname SWITCH0001
ip domain-name domain.local
ntp server 192.168.217.10
!
crypto key generate rsa
2048
username gemin priv 15 password Pa55w0rd
aaa new-model
!
line vty 0 4
transport input ssh
!
service password-encryption
!
ip http server
ip http port 65401
!
!
vlan 128
name Office
int vlan128
ip address 192.168.128.254 255.255.255.0
shut
!
vlan 217
name GEM
int vlan217
ip address 192.168.217.254 255.255.255.0
shut
!
vlan 999
name GEM-Admin
int vlan999
ip address 192.168.255.251 255.255.255.248
no shut
!
!
! GEMROU0000
!
int fa0/1
description GEMROU0000-1
switch access vlan 217
switchport mode access
switchport port-security
switchport port-security mac-address 001E.C9FF.69F8
!
int fa0/2
description GEMROU0000-2
switch access vlan 217
switchport mode access
switchport port-security
switchport port-security mac-address 001E.C9FF.69F8
shut
!
! GEMROU0001
!
int fa0/3
description GEMROU0001-1
switch access vlan 217
switchport mode access
switchport port-security
switchport port-security mac-address 0021.9BFC.ADC7
!
int fa0/4
description GEMROU0001-2
switch access vlan 217
switchport mode access
switchport port-security
switchport port-security mac-address 0021.9BFC.ADC7
shut
!
! GEMWIN0000
!
int fa0/5
description GEMWIN0000-1
switch access vlan 217
switchport mode access
switchport port-security
switchport port-security mac-address C860.00EA.9DA0
spanning-tree portfast
!
int fa0/6
description GEMWIN0000-2
switch access vlan 217
switchport mode access
switchport port-security
switchport port-security mac-address C860.00EA.9DA0
spanning-tree portfast
shut
!
! GEMWIN0001
!
int fa0/7
description GEMWIN0001-1
switch access vlan 217
switchport mode access
switchport port-security
switchport port-security mac-address 0013.211F.A0AC
spanning-tree portfast
!
int fa0/8
description GEMWIN0001-2
switch access vlan 217
switchport mode access
switchport port-security
switchport port-security mac-address 0013.211F.A0AC
spanning-tree portfast
shut
!
! GEMLIN0000
!
int fa0/9
description GEMLIN0000-1
switch access vlan 217
switchport mode access
switchport port-security
switchport port-security mac-address 0023.545F.F089
!
int fa0/10
description GEMLIN0000-2
switch access vlan 217
switchport mode access
switchport port-security
switchport port-security mac-address 0023.545F.F089
shut
!
! GEMLIN0001
!
int fa0/11
description GEMLIN0001-1
switch access vlan 217
switchport mode access
switchport port-security
switchport port-security mac-address 0002.B34A.3F84
spanning-tree portfast
!
int fa0/12
description GEMLIN0001-2
switch access vlan 217
switchport mode access
switchport port-security
switchport port-security mac-address 0002.B34A.3F84
spanning-tree portfast
shut
!
! GEMBAC0000
!
int fa0/13
description GEMBAC0000-1
switch access vlan 217
switchport mode access
switchport port-security
switchport port-security mac-address C43D.C782.479D
spanning-tree portfast
!
int fa0/14
description GEMBAC0000-2
switch access vlan 217
switchport mode access
switchport port-security
switchport port-security mac-address C43D.C782.479D
spanning-tree portfast
shut
!
! WORKBENCH SWITCH
!
int fa0/15
description WORKBENCH SWITCH - 1
switch access vlan 217
switchport mode access
switchport port-security
switchport port-security aging time 60
switchport port-security aging type inactivity
switchport port-security max 8
switchport port-security mac-address sticky
!
int fa0/16
description WORKBENCH SWITCH - 2
switch access vlan 217
switchport mode access
switchport port-security
switchport port-security aging time 60
switchport port-security aging type inactivity
switchport port-security max 8
switchport port-security mac-address sticky
shut
!
! GEMUPS0000
!
int fa0/17
description GEMUPS0000-1
switch access vlan 217
switchport mode access
spanning-tree portfast
!
int fa0/18
description GEMUPS0000-2
switch access vlan 217
switchport mode access
spanning-tree portfast
shut
!
int fa0/19
switch access vlan 217
switchport mode access
switchport port-security
spanning-tree portfast
shut
!
int fa0/20
switch access vlan 217
switchport mode access
switchport port-security
spanning-tree portfast
shut
!
int fa0/21
switch access vlan 217
switchport mode access
switchport port-security
spanning-tree portfast
shut
!
int fa0/22
switch access vlan 217
switchport mode access
switchport port-security
spanning-tree portfast
shut
!
int fa0/23
switch access vlan 217
switchport mode access
switchport port-security
spanning-tree portfast
shut
!
int fa0/24
switch access vlan 217
switchport mode access
switchport port-security
spanning-tree portfast
shut
!
!
int fa0/25
switch access vlan 128
switchport mode access
switchport port-security
spanning-tree portfast
shut
!
int fa0/26
switch access vlan 128
switchport mode access
switchport port-security
spanning-tree portfast
shut
!
int fa0/27
switch access vlan 128
switchport mode access
switchport port-security
spanning-tree portfast
shut
!
int fa0/28
switch access vlan 128
switchport mode access
switchport port-security
spanning-tree portfast
shut
!
int fa0/29
switch access vlan 128
switchport mode access
switchport port-security
spanning-tree portfast
shut
!
int fa0/30
switch access vlan 128
switchport mode access
switchport port-security
spanning-tree portfast
shut
!
int fa0/31
switch access vlan 128
switchport mode access
switchport port-security
spanning-tree portfast
shut
!
int fa0/32
switch access vlan 128
switchport mode access
switchport port-security
spanning-tree portfast
shut
!
! ROUTER
!
int fa0/33
description ROUTER - 1
switch access vlan 128
switchport mode access
switchport port-security
switchport port-security aging time 60
switchport port-security aging type inactivity
switchport port-security max 7
switchport port-security mac-address sticky
switchport port-security violation protect
!
int fa0/34
description ROUTER - 2
switch access vlan 128
switchport mode access
switchport port-security
switchport port-security aging time 60
switchport port-security aging type inactivity
switchport port-security max 7
switchport port-security mac-address sticky
switchport port-security violation protect
shut
!
! OFFICE SWITCH
!
int fa0/35
description SWITCH - 1
switch access vlan 128
switchport mode access
switchport port-security
switchport port-security aging time 60
switchport port-security aging type inactivity
switchport port-security max 16
switchport port-security mac-address sticky
switchport port-security violation protect
!
int fa0/36
description SWITCH - 2
switch access vlan 128
switchport mode access
switchport port-security
switchport port-security aging time 60
switchport port-security aging type inactivity
switchport port-security max 16
switchport port-security mac-address sticky
switchport port-security violation protect
shut
!
! GEMWIN0000
!
int fa0/37
description GEMWIN0000-1
switch access vlan 128
switchport mode access
switchport port-security
switchport port-security mac-address C860.00EA.98A1
spanning-tree portfast
!
int fa0/38
description GEMWIN0000-2
switch access vlan 128
switchport mode access
switchport port-security
switchport port-security mac-address C860.00EA.98A1
spanning-tree portfast
shut
!
! GEMWIN0001
!
int fa0/39
description GEMWIN0001-1
switch access vlan 128
switchport mode access
switchport port-security
switchport port-security mac-address 0004.E2FB.E49E
spanning-tree portfast
!
int fa0/40
description GEMWIN0001-2
switch access vlan 128
switchport mode access
switchport port-security
switchport port-security mac-address 0004.E2FB.E49E
spanning-tree portfast
shut
!
int fa0/41
switch access vlan 128
switchport mode access
switchport port-security
spanning-tree portfast
shut
!
int fa0/42
switch access vlan 128
switchport mode access
switchport port-security
spanning-tree portfast
shut
!
int fa0/43
switch access vlan 128
switchport mode access
switchport port-security
spanning-tree portfast
shut
!
int fa0/44
switch access vlan 128
switchport mode access
switchport port-security
spanning-tree portfast
shut
!
! GEMBAC0000
!
int fa0/45
description GEMBAC0000-1
switch access vlan 128
switchport mode access
switchport port-security
switchport port-security mac-address 0014.2232.9E2E
spanning-tree portfast
!
int fa0/46
description GEMBAC0000-2
switch access vlan 128
switchport mode access
switchport port-security
switchport port-security mac-address 0014.2232.9E2E
spanning-tree portfast
shut
!
! GEMCON0000
!
int fa0/47
description GEMCON0000-1
switch access vlan 999
switchport mode access
switchport port-security max 4
switchport port-security mac-address sticky
switchport port-security violation shutdown
!
int fa0/48
description GEMCON0000-2
switch access vlan 999
switchport mode access
switchport port-security max 4
switchport port-security mac-address sticky
switchport port-security violation shutdown
shut
!
int gi0/1
shut
!
int gi0/2
shut
!
exit

Open in new window


Thanks in advance.

Don
Don JohnstonInstructorCommented:
I don't know where you're getting this config, but it's not from the switch.

Please login to the switch, get to privileged mode and issue the command "show run". Then post that output here.
GEMCCAuthor Commented:
I thought you meant the txt file I used to create the config here is what you are requesting WITHOUT SSH setup:

Current configuration : 2560 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname GEMSWI0001
!
enable secret 5 $1$dBNX$xy9Hj3AenJPQnLyXRQRVv1
!
username gem-admin password 7 0020431F45085E125C33
ip subnet-zero
!
ip domain-name gem-domain.local
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
interface FastEthernet0/47
 description GEMCON0000-1
 switchport access vlan 999
 switchport mode access
 switchport port-security maximum 4
 switchport port-security mac-address sticky
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan128
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan217
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan999
 ip address 192.168.255.251 255.255.255.248
 no ip route-cache
!
ip http server
ip http port 65401
!
line con 0
 password 7 143342124D577F3F773A
 login local
line vty 0 4
 password 7 143342124D577F3F773A
 login local
 transport input ssh
line vty 5 15
 login
!
ntp server 192.168.217.10
!
end

Open in new window


And here it is with SSH setup:

Current configuration : 2554 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname GEMSWI0001
!
aaa new-model
enable secret 5 $1$AJdB$RC3P38y/ij1ye4rCeSMz2/
!
username gem-admin privilege 15 password 7 08051C57484A50034119
ip subnet-zero
!
ip domain-name gem-domain.local
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
interface FastEthernet0/47
 description GEMCON0000-1
 switchport access vlan 999
 switchport mode access
 switchport port-security maximum 4
 switchport port-security mac-address sticky
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan128
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan217
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan999
 ip address 192.168.255.251 255.255.255.248
 no ip route-cache
!
ip http server
ip http port 65401
!
line con 0
 password 7 0020431F45085E125C33
line vty 0 4
 password 7 0020431F45085E125C33
 transport input ssh
line vty 5 15
!
ntp server 192.168.217.10
!
end

Open in new window


I took out ports fa1-46 & 48 and Gig1 & 2  as they are not in use.

Please advise.
Don JohnstonInstructorCommented:
Couple of things:

1) Contact a moderator immediately and ask them to delete your previous post.  When you post configs, always remove the passwords. Some are very easy to decrypt.

2) We ask for the running config because what you type in is how you want the switch configured.  The running-config shows the actual configuration.

3) The two configs look almost identical to me.

4) Did you generate the key? Use the "show crypto key mypubkey rsa" command to verify the key was created.
GEMCCAuthor Commented:
1. Thanks for the heads up!

2. Understood

3. One thing I noticed is the of the configs without SSH is 2560 while with is 2554.  I do not understand that one.

4. I had the switch generate it.

% Key pair was generated at: 00:04:46 UTC Mar 1 1993
Key name: GEMSWI0001.gem-domain.local
 Usage: General Purpose Key
 Key Data:
  30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
  00EECC24 3E492ABD 1243493D 9DECC9DC 3C278C28 5A689CBC 0CEEC3C4 6C3F7292
  A95C23A2 BCF69A56 E57F9F78 48AA0C11 B508114D CAD71D5E 40EFBB4F C56685D0
  6BE985E2 0A3E7C68 8EB69A8C A3910069 32536FB8 BEB7155F BD2DC1ED EACD9DA2
  BEC4B2A4 3B2E185C 547E4C5E 31D818E4 02DDAECB 51A764F5 AECAA370 390E30EB
  15DB5556 AD331936 4DCC1935 971DE111 32D42016 9B39BE89 17EB9FC9 0AA6A0CD
  437EABA8 A3E88B33 9D9E01BA C1E4978B F40220B1 8CFF3D6A F976EA38 19752E0A
  03FA7892 66D37F83 CF616D56 33880C79 DBB8265A 6EF2A223 70839672 54AE172B
  A93D273F 23BA978F DB873832 04CA2405 14DA5001 306B1728 CD01315E 1E7E301A
  4D020301 0001
% Key pair was generated at: 01:00:27 UTC Mar 1 1993
Key name: GEMSWI0001.gem-domain.local.server
 Usage: Encryption Key
 Key Data:
  307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00EEF995 89ECF98F
  AC1BBE1D 07ED8032 19B237F7 DB5E3F45 BD36A3BF 9A02AA6B 3FBB2A9A 9261C78E
  ADB43FFB 62B64F74 03BBA288 B7A3A08E AE930FD1 5EAA3C87 F31E8BB6 89896245
  36AD8A3E E6B452D6 493C9AF7 CDB83079 6E2BF21B 49F5FA98 33020301 0001
GEMSWI0001#

Open in new window

Don JohnstonInstructorCommented:
On one config you have "aaa new model"... which is not required for ssh.

You also have differing passwords between the two configs.

And in one you have "login local" on the vty lines

So I would suggest keeping it simple first. Make sure you have the following.

no aaa new-model
username gem-admin password Homer
ip domain-name gem-domain.local
line vty 0 4
 transport input ssh
 login local

Open in new window


I can't say for sure if this would make any difference, but I've never used a .local domain. I've always used a .com or .net or .org.  So if the above doesn't work, try changing your domain to a .com and regenerate the crypto key and see what happens.
GEMCCAuthor Commented:
Tried all of the options suggested above.  When making a console connection still not being prompted for username/password goes to SWITCH0001> prompt.  Am not prompted for password until I go into enable mode.

Please advise.
NetExpert Network Solutions Pte LtdTechnical SpecialistCommented:
GEMCC,

Here you go ,

conf t
username admin priv 15 password cisco123
line con 0
login local
end

Thanks

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
GEMCCAuthor Commented:
I've requested that this question be deleted for the following reason:

This is a duplicate of http://www.experts-exchange.com/questions/28691626/Cisco-2950-Switch-SSH.html
GEMCCAuthor Commented:
Fixed the issue
JustInCaseCommented:
This is interesting accepted solution
dated from28.06.2015
Exactly the same configuration was suggested five days earlier.
:)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Switches / Hubs

From novice to tech pro — start learning today.