HELP - I locked myself after enabling aaa new-model ...

From: Huan Pham (pnhuan@yahoo.com)
Date: Sun Sep 14 2008 - 09:49:38 ART

• Next message: Huzefa: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Previous message: Fahad Khan: "Re: SNAT Behaviour"
• Next in thread: Huzefa: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: Huzefa: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: Huan Pham: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: paul cosgrove: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: Farrukh Haroon: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: paul cosgrove: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: Farrukh Haroon: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: paul cosgrove: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: Farrukh Haroon: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: paul cosgrove: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: Huan Pham: "RE: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: Pavel Bykov: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: Huan Pham: "RE: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: Huan Pham: "RE: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: Paul Cosgrove: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: Huan Pham: "RE: HELP - I locked myself after enabling aaa new-model ..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

.... using Brian Dennis's COD recommended approach and configuration ;-)

 
Here's the config.

aaa new-model
aaa authentication login VTY_LINE line
line vty 0 15
 password cisco
 login authentication VTY_LINE

I tried this config on both 3560 and 3550, ending up with the same problem as described above.

I applied the same config on a 3640 router, it worked the way I expected, i.e. I was able to log on using a password (without username). If I removed the vty command "login authentication VTY_LINE", I was unable to telnet to the router, also as I expected.

Maybe the IOS version I used for my switches has a bug, or I am missing something basic here. Help appreciated.

Huan

RSRack1SW3#sh ver | in IOS
Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version 12.2(44)SE, RELEASE SOFTWARE (fc1)

RSRack1SW2#sh ver | in IOS
Cisco IOS Software, C3560 Software (C3560-ADVIPSERVICESK9-M), Version 12.2(44)SE, RELEASE SOFTWARE (fc1)

RSRack1SW2#sh run | in aaa
aaa new-model
aaa authentication login VTY_LINE line
aaa session-id common

RSRack1SW2#sh run | b line vty
line vty 0 4
 password cisco
 login authentication VTY_LINE
line vty 5 15
 password cisco
 login authentication VTY_LINE
!
end

RSRack1SW2#sh ip int brief | in Loop
Loopback0 150.1.8.8 YES NVRAM up up
RSRack1SW2#telnet 150.1.8.8
Trying 150.1.8.8 ... Open

! -_- NO LOGIN PROMPT -_-

RSRack1R3#c
Enter configuration commands, one per line. End with CNTL/Z.
RSRack1R3(config)#aaa new-model
RSRack1R3(config)#aaa authentication login VTY_LINE line
RSRack1R3(config)#line vty 0 15
RSRack1R3(config-line)# password cisco
RSRack1R3(config-line)# login authentication VTY_LINE
RSRack1R3(config-line)#
RSRack1R3(config-line)#
RSRack1R3#t
*Mar 1 17:10:57.675: %SYS-5-CONFIG_I: Configured from console by console
RSRack1R3#telnet 150.1.3.3
Trying 150.1.3.3 ... Open

User Access Verification

Password:

RSRack1R3#sh ver | in IOS
Cisco IOS Software, 3600 Software (C3640-JK9O3S-M), Version 12.4(5a), RELEASE SOFTWARE (fc3)

Blogs and organic groups at http://www.ccie.net

• Next message: Huzefa: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Previous message: Fahad Khan: "Re: SNAT Behaviour"
• Next in thread: Huzefa: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: Huzefa: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: Huan Pham: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: paul cosgrove: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: Farrukh Haroon: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: paul cosgrove: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: Farrukh Haroon: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: paul cosgrove: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: Farrukh Haroon: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: paul cosgrove: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: Huan Pham: "RE: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: Pavel Bykov: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: Huan Pham: "RE: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: Huan Pham: "RE: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: Paul Cosgrove: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Maybe reply: Huan Pham: "RE: HELP - I locked myself after enabling aaa new-model ..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Oct 04 2008 - 09:26:18 ART