Question about aaa default method list...

2 replies to this topic

#1 hikingguy



  • Members
  • 15 posts

Posted 27 December 2014 - 08:02 AM

I've been playing around with aaa method lists, as well as privilege levels and have a question about the following config. I know by default that the "default" method list is applied to all lines and interfaces. With the config below, aaa is enabled, but no method list is defined.


When I telnet to the router that has the config shown below, I am prompted for a Username. I enter buck for the username and rogers for the password. I get logged in, but I'm placed at priv level 1 (not 4 as I had expected to be). So, a couple of questions:


Since I did not create a default method list (e.g. aaa authentication login default group tacacs+ local enable), why did it default to using the local database? Is there a "default" default method list (a bit redundant, but I hope you know what I mean) that the router will use if one isn't configured? If so, which methods does it try, and in what sequence? For example, does it try tacacs+ first, then local, then enable?


Why did I get placed into priv lvl 1, when the username was assigned to priv lvl 4?

enable password cisco
aaa new-model
username buck privilege 4 password 0 rogers
line vty 0 4

I'm doing my testing using GNS3.

Edited by hikingguy, 27 December 2014 - 08:24 AM.

  • 0

#2 hikingguy



  • Members
  • 15 posts

Posted 01 January 2015 - 05:39 AM


  • 0

#3 MarkinManchester


    Village Elder

  • Veterans
  • 3976 posts
  • Gender:Male
  • Location:Manchester

Posted 07 January 2015 - 04:33 AM

If the default list is not set, only the local user database is checked. This has the same effect as the following command:


aaa authentication login default local

Best reference is here http://www.cisco.com....html#wp1017794



  • 0
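
An added example, not part of the original thread and not Cisco tooling: a small Python audit that resolves which login method list each line in an IOS configuration actually uses, treating a missing default list as `local`, as the reply above states. The function name `effective_login_lists` and the report labels are assumptions made for illustration; the sample input is the config from the first post.

```python
import re

# Constructed sample: the configuration from the question (no method list defined).
SAMPLE_CONFIG = """\
enable password cisco
aaa new-model
username buck privilege 4 password 0 rogers
line vty 0 4
"""

def effective_login_lists(config):
    """Map each 'line ...' block to the login method list it really uses."""
    aaa_enabled = False
    lists = {}      # list name -> methods from 'aaa authentication login'
    lines = {}      # line header -> list name applied to that line
    current = None
    for raw in config.splitlines():
        text = raw.strip()
        if text == "aaa new-model":
            aaa_enabled = True
        m = re.match(r"aaa authentication login (\S+) (.+)", text)
        if m:
            lists[m.group(1)] = m.group(2).split()
        if text.startswith("line "):
            current = text
            lines[current] = "default"   # every line starts on the default list
        elif current and not raw.startswith(" "):
            current = None               # unindented command ends the line block
        m = re.match(r"login authentication (\S+)", text)
        if m and current:
            lines[current] = m.group(1)
    report = {}
    for header, name in lines.items():
        if not aaa_enabled:
            report[header] = (name, None, "aaa new-model not enabled")
        elif name in lists:
            report[header] = (name, lists[name], "explicit")
        elif name == "default":
            # Per the reply above: an unset default list behaves like 'local'.
            report[header] = (name, ["local"], "implicit")
        else:
            report[header] = (name, None, "undefined list")
    return report

if __name__ == "__main__":
    for header, (name, methods, origin) in effective_login_lists(SAMPLE_CONFIG).items():
        print(f"{header}: list={name} methods={methods} ({origin})")
```

Lines reported as "implicit" are the ones worth reviewing, since their authentication behaviour is not written anywhere in the configuration.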
