This article outlines the steps required to configure username and password authentication on a Cisco router or switch. The device uses a locally stored username and password database to authenticate connections made via Telnet or the console port.
Summary:
!
aaa new-model
aaa authentication login default local
!
username admin privilege 15 password cisco
!
line vty 0 4
 login authentication default
 no password
!
1. Configure Username & Password Pairs
Begin by creating the username and password combinations that you want to allow on your device.
username <username> privilege 15 password <password>
Where privilege 15 = privileged EXEC level and 0 = user.
2. Enable Login using Local Passwords
By default, the Cisco device does not use username and password combinations; it uses the login password and enable secret instead.
You must enable the new model of Authentication, Authorization and Accounting (AAA) using the aaa new-model command:
aaa new-model
Then use the aaa authentication login command with the local method keyword to specify that the Cisco device will use the local username database for authentication.
aaa authentication login default local
3. Ensure Telnet Login is set to Local Database
Ensure that your terminal lines, including telnet, are configured to use the same local username and password database.
Use the login authentication command with the default authentication list. Then type no password to remove the old model password.
line vty 0 4
 login authentication default
 no password
If you haven’t already done so, you can ensure your passwords are encrypted when you view your config file. Type the service password-encryption command so that the passwords you enter are encrypted in the config file.
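To confirm that a saved configuration actually reflects the three steps above, the following Python check (an added example, not part of the original article or any Cisco tool) parses running-config text and reports what is missing. The function name audit_local_login and both sample configurations are constructed for illustration; it assumes sub-commands are indented under their line block, as in show running-config output.

```python
# Constructed sample: "old model" login with a shared line password.
OLD_MODEL = """\
line vty 0 4
 password cisco
 login
"""
# Constructed sample: the article's summary plus service password-encryption.
LOCAL_AAA = """\
service password-encryption
aaa new-model
aaa authentication login default local
username admin privilege 15 password cisco
line vty 0 4
 login authentication default
"""

def audit_local_login(config):
    """Return findings as strings; an empty list means every step is in place."""
    top, blocks, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if not raw[0].isspace():                 # top-level command
            top.append(cmd)
            current = blocks.setdefault(cmd, []) if cmd.startswith("line ") else None
        elif current is not None:                # sub-command of a line block
            current.append(cmd)
    # Names of login method lists that include the local username database.
    local_lists = {c.split()[3] for c in top
                   if c.startswith("aaa authentication login ") and "local" in c.split()[4:]}
    findings = []
    if not any(c.startswith("username ") for c in top):
        findings.append("step 1: no username entries")
    if "aaa new-model" not in top:
        findings.append("step 2: aaa new-model missing")
    if "default" not in local_lists:
        findings.append("step 2: default login list does not use local")
    for name, subs in blocks.items():
        # When a line names no list, the default list applies.
        used = next((s.split()[2] for s in subs
                     if s.startswith("login authentication ")), "default")
        if used not in local_lists:
            findings.append(f"step 3: {name} uses list '{used}' without local")
        if any(s.startswith("password ") for s in subs):
            findings.append(f"step 3: {name} still has a line password")
    if "service password-encryption" not in top:
        findings.append("service password-encryption missing")
    return findings
```

Every line block in the input is checked, so a console line that still carries its own password is reported the same way as a vty line.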
For advanced configurations, see Configuring Authentication
See also: Configuring Passwords and Privileges