Sadikhov IT Certification forums

Question about aaa default method list...

I've been playing around with aaa method lists, as well as privilege levels and have a question about the following config. I know by default that the "default" method list is applied to all lines and interfaces. With the config below, aaa is enabled, but no method list is defined.


When I telnet to the router that has the config shown below, I am prompted for a Username. I enter buck for the username and rogers for the password. I get logged in, but I'm placed at priv level 1 (not 4 as I had expected to be). So, a couple of questions:


Since I did not create a default method list (e.g. aaa authentication login default group tacacs+ local enable), why did it default to using the local database? Is there a "default" default method list (a bit redundant, but I hope you know what I mean) that the router will use if one isn't configured? If so, which methods does it try, and in what sequence? For example, does it try tacacs+ first, then local, then enable?


Why did I get placed into priv lvl 1, when the username was assigned to priv lvl 4?

enable password cisco
aaa new-model
username buck privilege 4 password 0 rogers
line vty 0 4

I'm doing my testing using GNS3.
Edited by hikingguy


If the default list is not set, only the local user database is checked. This has the same effect as the following command:

aaa authentication login default local

Best reference is here http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/command/reference/fsecur_r/srfathen.html#wp1017794



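The reply above answers the first question (with aaa new-model and no explicit list, IOS behaves as "aaa authentication login default local") but not the second. The privilege level on a username is applied only when exec authorization is configured; login authentication alone puts the session at the line's privilege level, which is 1 on the vty lines. The following is an added example, not code from the original thread: a small Python checker that reads a running-config text and flags an implicit login method list, elevated usernames with no "aaa authorization exec default" list, and reversible "password" credentials. The two embedded configs are constructed samples: the first is the one posted above, the second is the same router with the implicit default written out, exec authorization added, and secrets hashed. The finding codes and the function names are this example's own.

```python
"""Audit a Cisco IOS configuration for the AAA gaps discussed in the thread.

Added example, not from the original post: flags (1) an implicit login
method list, (2) elevated local usernames with no exec authorization, and
(3) reversible credential storage.
"""
from __future__ import annotations

import re

# Constructed sample: the configuration from the original post.
POSTED_CONFIG = """\
enable password cisco
aaa new-model
username buck privilege 4 password 0 rogers
line vty 0 4
"""

# Constructed sample: same router with the implicit default made explicit,
# exec authorization added so 'privilege 4' is honoured, and hashed secrets.
FIXED_CONFIG = """\
enable secret cisco
aaa new-model
aaa authentication login default local
aaa authorization exec default local
username buck privilege 4 secret rogers
line vty 0 4
"""

USERNAME_RE = re.compile(r"^username (\S+)(?: privilege (\d+))? (password|secret) ")


def audit_aaa(config: str) -> list[tuple[str, str]]:
    """Return (code, detail) findings for a running-config text."""
    lines = [l.strip() for l in config.splitlines()]
    lines = [l for l in lines if l and not l.startswith("!")]
    findings: list[tuple[str, str]] = []

    if "aaa new-model" not in lines:
        # Without aaa new-model, AAA method lists are not consulted at all.
        findings.append(("NO_AAA", "aaa new-model is not configured; method lists are ignored"))
        return findings

    has_login_default = any(l.startswith("aaa authentication login default ") for l in lines)
    if not has_login_default:
        findings.append(("IMPLICIT_LOGIN_DEFAULT",
                         "no 'aaa authentication login default' list; IOS behaves as "
                         "'aaa authentication login default local' (local database only, "
                         "no TACACS+ or enable fallback)"))

    has_exec_default = any(l.startswith("aaa authorization exec default ") for l in lines)

    for l in lines:
        m = USERNAME_RE.match(l)
        if not m:
            continue
        user, level, kind = m.group(1), int(m.group(2) or 1), m.group(3)
        if level > 1 and not has_exec_default:
            # Login authentication alone does not apply the username's level;
            # the exec session starts at the line's level (1 on the vtys).
            findings.append(("NO_EXEC_AUTHZ",
                             f"username {user} is privilege {level} but there is no "
                             "'aaa authorization exec default' list; the exec session "
                             "starts at the line's privilege level (1) after login"))
        if kind == "password":
            findings.append(("REVERSIBLE_CREDENTIAL",
                             f"username {user} uses 'password' (type 0/7, reversible); use 'secret'"))

    if any(l.startswith("enable password ") for l in lines):
        findings.append(("REVERSIBLE_CREDENTIAL",
                         "enable password is reversible; use 'enable secret'"))
    return findings


def codes(config: str) -> set[str]:
    """Distinct finding codes for a config, handy for assertions and dashboards."""
    return {code for code, _ in audit_aaa(config)}


if __name__ == "__main__":
    for name, cfg in (("posted", POSTED_CONFIG), ("fixed", FIXED_CONFIG)):
        print(f"== {name} ==")
        for code, detail in audit_aaa(cfg) or [("OK", "no findings")]:
            print(f"{code}: {detail}")
```

Run it against the posted config and it reports the implicit login list, the unused privilege 4 on buck, and the two reversible credentials; the fixed config produces no findings. When you add "aaa authorization exec default local" on a real device, keep the existing console session open and verify from a second vty first, because an authorization list that cannot find a matching local user will refuse the exec session rather than fall through to level 1.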
