Confused Between Different Types Of Login

Is console a type of local login?
What is the difference between "line vty login local" and "aaa local-user".

Basically I am confused between these 3 types of login methods:
1) console
2) line vty login local
3) aaa local user login

They all seem "local" to me.
I cant tell the difference.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

TechGromit

1) console

you have to be physically "local" to the switch to login via a console cable.

2) line vty login local

this allows IP connections to connect via ethernet, you can be in China and still connect, but your using local user name and password to access the switch.

3) aaa local user login

this allows IP connections to connect via ethernet, you can be in China and still connect, but your using local user name and password to access the switch. This is very important to set up if your using an authentication server, without this line, you can lock yourself out of the switch if your authentication server is down. Or the switch loses connection to the network. Recovery would require local access, console cable, rebooting the switch into rommon mode.

foreverlearning

TechGromit said:

1) console

you have to be physically "local" to the switch to login via a console cable.

2) line vty login local

this allows IP connections to connect via ethernet, you can be in China and still connect, but your using local user name and password to access the switch.

3) aaa local user login

this allows IP connections to connect via ethernet, you can be in China and still connect, but your using local user name and password to access the switch. This is very important to set up if your using an authentication server, without this line, you can lock yourself out of the switch if your authentication server is down. Or the switch loses connection to the network. Recovery would require local access, console cable, rebooting the switch into rommon mode.

Hi,
I am still confused because this statement is repeated for both "line vty login local" and "aaa local user login":

"this allows IP connections to connect via ethernet, you can be in China and still connect, but your using local user name and password to access the switch. "

If so, what is the difference between them?

TechGromit

foreverlearning said:

I am still confused because this statement is repeated for both "line vty login local" and "aaa local user login":

line vty login local - this allows a virtual remote session via ethernet. This is where you can telnet to the switch from anywhere on your network, or outside your network via a VPN. Your using the local username and Password to log in.

aaa local user login - this allows a virtual remote session via ethernet, but only if the aaa server isn't reachable. If the aaa server is available, your account on either a TACAC or Radius server will be used. Your using the local username and Password to log in, but this local account is disabled if the aaa server is available / reachable.

Preferably ssh should be used to access the switch remotely. If you use ssh, you must add the following lines to your config

ip ssh version 2

crypto key generate rsa modulus X

X = a number can be 512, 1024, 2048, etc.

line vty 0 15
access-class acl-vty-session in
transport input ssh

(this restricts up to 16 virtual sessions to only allow ssh remote connections. Yes, you can have 16 simultaneous management connections to one switch, not really sure why this level of support is provided.)

foreverlearning

TechGromit said:

foreverlearning said:

I am still confused because this statement is repeated for both "line vty login local" and "aaa local user login":

line vty login local - this allows a virtual remote session via ethernet. This is where you can telnet to the switch from anywhere on your network, or outside your network via a VPN. Your using the local username and Password to log in.

aaa local user login - this allows a virtual remote session via ethernet, but only if the aaa server isn't reachable. If the aaa server is available, your account on either a TACAC or Radius server will be used. Your using the local username and Password to log in, but this local account is disabled if the aaa server is available / reachable.

Preferably ssh should be used to access the switch remotely. If you use ssh, you must add the following lines to your config

ip ssh version 2
crypto key generate rsa modulus X

X = a number can be 512, 1024, 2048, etc.

line vty 0 15
access-class acl-vty-session in
transport input ssh

(this restricts up to 16 virtual sessions to only allow ssh remote connections. Yes, you can have 16 simultaneous management connections to one switch, not really sure why this level of support is provided.)

Now I understand what "aaa local user login" is. Thank you very mch!