How to define Login Local for Console 0

klez0011

hi friends
i config below commands to configure AAA authenticate with Microsoft Active Directory 2008(CIsco Device Integrate with AD microsoft)
but while i unplugged Cisco Devices(Router and switches)from Network
i can't login to console
it's better to say i don't know how to login into cosole line whenever i don't connect to AD for Authenticate

aaa new-model
aaa group server radius ABCD
server-private 10.10.10.10 auth-port 1645 acc-port 1646 key KEYPASS (where 10.10.10.10 is AD ip adn KEYPASS is my shared key)

aaa authentication login default group ABCD
aaa authorization exec default group ABCD

!
line vty 0 4
login authentication default
transport input telnet ssh
!
line console 0
????????????????
i only type it----> login authentication default

so i want any times that i don't connect to My AD or Network and physically access To Switches Or Router
i connect Console Port and without Looking Up To Active Directory Users i can Log into Console



so could you please help me which command shoud I type to do that ?

thanks a lot

pinkiaiii

login authentication default

did you create vlan with ip for your switch first,and presume it has domain name set to it,as well ?
also not sure if you want remote access,since that would need nat,acls on router as well.

since instead of authenticate default use line vty 0 4 pass cisco etc login transport input ssh or telnet ,line con 0 pass *** login

or if in real environment better use ssh ,create usrnm,pass, generate crypto key rsa modulus 2048
and use putty or tera term,since only reason for telnet i see is that youd use cmd,which outside lab environment isnt safe option.

anyway some commands given could be different and took me couple GOs to do it properly,but heres link with basic commands i had in mind to setup ssh and telent.http://cs-study.blogspot.ie/2012/12/telnet-and-ssh-on-packet-tracer.html

klez0011

pinkiaiii wrote: »

login authentication default

did you create vlan with ip for your switch first,and presume it has domain name set to it,as well ?
also not sure if you want remote access,since that would need nat,acls on router as well.

since instead of authenticate default use line vty 0 4 pass cisco etc login transport input ssh or telnet ,line con 0 pass *** login

or if in real environment better use ssh ,create usrnm,pass, generate crypto key rsa modulus 2048
and use putty or tera term,since only reason for telnet i see is that youd use cmd,which outside lab environment isnt safe option.

anyway some commands given could be different and took me couple GOs to do it properly,but heres link with basic commands i had in mind to setup ssh and telent.Telnet and SSH on packet tracer ~ Easy Learning

hi again and thanks for your reply
i have lots of vlan with an IP Address
My Server 2008 NPS and Active Directory are both in same vlan as SWITCH (vlan 10)
Yes Yes
unfortunately while i try to remote access i face problem to %backup authentication and i don't know why !!!!:

Ok
you mean that if i want to use both console 0 via Network(authenticate from AD)and when ever it is physical i use
line con 0
pass <mypassword>
Login
YES?
and for remote Connection i mean Telnet can i use from
line vty 0 4 AND line vty 5 15
transport input all
default authentication default

?
Yes Yes i use in real environment and only just for CMD
thanks a lot if you again reply me

DCD

You have to add "local" or "enable" or "none" behind your configuration. For local you will need a username and password configured on the router.
aaa authentication login default group ABCD local enable none