Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VTY Help!!!!

Status
Not open for further replies.

jarcna

IS-IT--Management
Nov 23, 2006
23
US
I have a problem remotely getting into some Cisco 2950 switches. For some reason I cannot telnet into them. I login in locally,
config t
line vty 0 15
login ?

Then it says I need to use an authention.
So I back out can checked the configs

show config

I see a bunch of "aaa authention """"
Off the top of my head I remember a few

"aaa authen login line line"
"aaa authen login none none"

So I'm not sure what to do. I have other switches that I set up with no problem. I assign a password to "line vty 0 15" and I get in there with no problem. No username which i would also like to know what I'm doing wrong there. It only asked for the password when I telnet, but thats another issue. Back to the main problem...so I created a new authen.
"aaa authen login line local"
Thinking that it would want the same username and password that I used to login in locally. Assoicated the "line vty 0 15" with the new authen that I created. Still did not work. I went ahead deleted the others thinking that might be causing some issues. Still nothing. Wondering if you guys know whats up. I'm sure you guys do. Sorry for such a long post. Thanks everyone.

Jared
 
What message do you get when you try to telnet? Does it tell you Password required but none set?


Try setting the vty passwrd:

line vty 0 4
password letmein
login
 
When I telnet it asks me for User Access Verification, I type in what I think/want it to be but it says "Authentication Failed"...
 
I've been doing some reading...do guys think this problem might have something to do with "SSH". I was reading that "telnet" can be disabled when using "SSH"??? Any thoughts? Thanks.

-Jared
 
On the newer switches you don't need the login command just add the password .
 
If you post your config it would be much easier to try and help you troubleshoot this. What i think your problem is that is in your command "aaa authen login line local" you are specifying that your first authentication procedure will be your line password, then your local database. So if you have a line password configured then that will be used and if not then your local database will be used. You want your config to be as such, aaa authen local line which reverses the order of your method of authentication.

So i am going to assume as well that you are not using cisco solution of ACS right? so there are no servers that you have configured for authentication?

If you want to log in with username and password then use the above information, if you want to only use your password for your vty lines then in global config mode input the commad no aaa new-model, then go line vty and put the proper commands in for you to login.\

jarcna, you are referring to the command transport input. By default everything is allowed, but you can configure it to only allow certain types of access.

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top