How to define Login Local for Console 0

klez0011klez0011 MemberMember Posts: 48 ■■□□□□□□□□
hi friends
i config below commands to configure AAA authenticate with Microsoft Active Directory 2008(CIsco Device Integrate with AD microsoft)
but while i unplugged Cisco Devices(Router and switches)from Network
i can't login to console
it's better to say i don't know how to login into cosole line whenever i don't connect to AD for Authenticate

aaa new-model
aaa group server radius ABCD
server-private 10.10.10.10 auth-port 1645 acc-port 1646 key KEYPASS (where 10.10.10.10 is AD ip adn KEYPASS is my shared key)

aaa authentication login default group ABCD
aaa authorization exec default group ABCD

!
line vty 0 4
login authentication default
transport input telnet ssh

!
line console 0
????????????????
i only type it----> login authentication default
icon_sad.gificon_sad.gificon_cry.gif

so i want any times that i don't connect to My AD or Network and physically access To Switches Or Router
i connect Console Port and without Looking Up To Active Directory Users i can Log into Console




so could you please help me which command shoud I type to do that ?

thanks a lot

Comments

  • pinkiaiiipinkiaiii Senior Member Member Posts: 216
    login authentication default

    did you create vlan with ip for your switch first,and presume it has domain name set to it,as well ?
    also not sure if you want remote access,since that would need nat,acls on router as well.

    since instead of authenticate default use line vty 0 4 pass cisco etc login transport input ssh or telnet ,line con 0 pass *** login

    or if in real environment better use ssh ,create usrnm,pass, generate crypto key rsa modulus 2048
    and use putty or tera term,since only reason for telnet i see is that youd use cmd,which outside lab environment isnt safe option.

    anyway some commands given could be different and took me couple GOs to do it properly,but heres link with basic commands i had in mind to setup ssh and telent.http://cs-study.blogspot.ie/2012/12/telnet-and-ssh-on-packet-tracer.html
  • klez0011klez0011 Member Member Posts: 48 ■■□□□□□□□□
    pinkiaiii wrote: »
    login authentication default

    did you create vlan with ip for your switch first,and presume it has domain name set to it,as well ?
    also not sure if you want remote access,since that would need nat,acls on router as well.

    since instead of authenticate default use line vty 0 4 pass cisco etc login transport input ssh or telnet ,line con 0 pass *** login

    or if in real environment better use ssh ,create usrnm,pass, generate crypto key rsa modulus 2048
    and use putty or tera term,since only reason for telnet i see is that youd use cmd,which outside lab environment isnt safe option.

    anyway some commands given could be different and took me couple GOs to do it properly,but heres link with basic commands i had in mind to setup ssh and telent.Telnet and SSH on packet tracer ~ Easy Learning

    hi again and thanks for your reply
    i have lots of vlan with an IP Address
    My Server 2008 NPS and Active Directory are both in same vlan as SWITCH (vlan 10)
    Yes Yes
    unfortunately while i try to remote access i face problem to %backup authentication icon_sad.gificon_cry.gifand i don't know why !!!!icon_confused.gif:icon_cry.gif

    Ok
    you mean that if i want to use both console 0 via Network(authenticate from AD)and when ever it is physical i use
    line con 0
    pass <mypassword>
    Login
    YES?
    and for remote Connection i mean Telnet can i use from
    line vty 0 4 AND line vty 5 15
    transport input all
    default authentication default

    ?
    Yes Yes i use in real environment and only just for CMD
    thanks a lot if you again reply me
  • DCDDCD Senior Member Member Posts: 469 ■■■■□□□□□□
    You have to add "local" or "enable" or "none" behind your configuration. For local you will need a username and password configured on the router.
    aaa authentication login default group ABCD local enable none
Sign In or Register to comment.