hikingguy

Question about aaa default method list...

3 posts in this topic

I've been playing around with aaa method lists, as well as privilege levels and have a question about the following config. I know by default that the "default" method list is applied to all lines and interfaces. With the config below, aaa is enabled, but no method list is defined.

 

When I telnet to the router that has the config shown below, I am prompted for a Username. I enter buck for the username and rogers for the password. I get logged in, but I'm placed at priv level 1 (not 4 as I had expected to be). So, a couple of questions:

 

Since I did not create a default method list (e.g. aaa authentication login default group tacacs+ local enable), why did it default to using the local database? Is there a "default" default method list (a bit redundant, but I hope you know what I mean) that the router will use if one isn't configured? If so, which methods does it try, and in what sequence? For example, does it try tacacs+ first, then local, then enable?

 

Why did I get placed into priv lvl 1, when the username was assigned to priv lvl 4?

enable password cisco
aaa new-model
username buck privilege 4 password 0 rogers
!
line vty 0 4

I'm doing my testing using GNS3.
Edited by hikingguy