Friday, July 2, 2010

What are the login requirements on 4948 Catalyst?

Below are the commands that we entered on a 4948 Catalyst. Will this prompt us to enter the username and any password that we decide to use when logging into the switch?

!
username root password 7 1524020217252574611E34301A0913104007
!
aaa new-model
aaa authentication login default group root local
aaa authentication fail-message ^You have failed to pass AAA login requirements!^
!
!

There is no TACACS or RADIUS involved with this.


The "group" keyword usually indicates a RADIUS or TACACS server, not a username. What's happening is that the switch is trying to reach a server group called root, which is assigned to some IP address; that attempt fails and it rolls over to local, which would allow us to log in as root. If you aren't using a TACACS or RADIUS server, you should be safe in removing the group portion and using just:

aaa authentication login default local

It is recommended to do this in one window and then telnet into the device from another window to test. When messing with AAA, never make a change and log out before testing in another window; you could lock yourself out.
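The check described above can be run against a saved configuration before it is applied. The following is an added example, not part of the original post: a small Python audit whose function name and finding messages are hypothetical, which flags a login method list that names an undefined server group (as `group root` does here) or that has no usable local fallback.

```python
import re

# Constructed sample: the configuration quoted in the post.
SAMPLE_CONFIG = """\
!
username root password 7 1524020217252574611E34301A0913104007
!
aaa new-model
aaa authentication login default group root local
aaa authentication fail-message ^You have failed to pass AAA login requirements!^
!
"""

BUILTIN_GROUPS = {"radius", "tacacs+"}  # server groups that need no definition
LOCAL_METHODS = {"local", "local-case"}


def audit_login_lists(config):
    """Return findings for every 'aaa authentication login' method list."""
    lines = [ln.strip() for ln in config.splitlines()]
    users = {m.group(1) for ln in lines if (m := re.match(r"username (\S+) ", ln))}
    groups = {m.group(1) for ln in lines
              if (m := re.match(r"aaa group server \S+ (\S+)", ln))}
    findings = []
    for ln in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)", ln)
        if not m:
            continue
        name = m.group(1)
        tokens = iter(m.group(2).split())
        # 'group' consumes the next token as the server-group name.
        methods = [(t, next(tokens, None)) if t == "group" else (t, None) for t in tokens]
        for kind, arg in methods:
            if kind == "group" and arg not in BUILTIN_GROUPS | groups:
                note = " (matches a local username)" if arg in users else ""
                findings.append(f"{name}: 'group {arg}' names no defined server group{note}")
        if not any(kind in LOCAL_METHODS for kind, _ in methods):
            findings.append(f"{name}: no local fallback method")
        elif not users:
            findings.append(f"{name}: local method but no local username defined")
    return findings


if __name__ == "__main__":
    for finding in audit_login_lists(SAMPLE_CONFIG):
        print(finding)
```

Named groups are matched against `aaa group server` definitions found in the same configuration text, so the audit needs the full running configuration rather than an excerpt.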

Citation - This blog post does not reflect original content from the author. Rather, it summarizes content relevant to the topic from different sources on the web. The sources might include online discussion boards, forums, websites and others.

