What does aaa new-model do to your Cisco logins?

Added by Mark Jacob October 21, 2015

It has been a long time since I have thought about aaa new-model as a Cisco configuration, mainly because it is not in the CCNA Routing and Switching official curriculum. However, once you attain your certification and become gainfully employed as a network admin, you will likely be exposed to enterprise networks which employ this method of controlling remote access to the Cisco gear. In this blog I will provide an introductory look at how this command impacts login activities on a couple of Cisco routers.

I labbed it up in GNS3, and here is a view of my topology:

Figure 1

As you can see, I am fond of annotating my topologies, both to follow proper documentation procedures and to remind myself what I was doing the next time I launch this topology! I have the Windows 7 box running in Oracle VirtualBox (check out my GNS3 VirtualBox video blog on how to do this if you wish, as the process is similar for Windows 7) just to be able to initiate remote connections to my two routers. Let’s log in to R2. I have a username/password configured, and I have issued the command login local on my vty lines. Let’s see what credentials I must supply to gain access:

Figure 2

As is typical, there is no output to the console when typing the password; nevertheless, I must have typed it correctly to gain access. Once again, this is with a username/password and login local configured. On R3, all I have on my vty lines is a password and the login command. Let’s see the difference in the login procedure:

Figure 3

As you can see, I was only required to provide a password – there was no request for a valid user name. The password that I typed was the word ‘login’. Now I will access R3 and from global configuration mode I will issue the command aaa new-model. Then I will examine the config on my vty lines:

Figure 4

Note that the configuration on my vty lines only mentions the password, which I stated previously was the word ‘login.’

Let’s log in again and see what ONLY THAT CHANGE does to the login process:

Figure 5

Now I am once again required to provide both a user name and a password to gain access. Incidentally, the password of “login” no longer works. I must use the password (secret) associated with the user name netadmin in order to pass authentication.

There is much much more that can be done once you have enabled aaa new-model, but as I said, I just wanted to scratch the surface and show that just typing the command with no additional configuration will have an impact on the device. That being said, don’t forget to create the username/password combination so that once you have issued the command, you are still able to remotely access the device.
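As an added illustration (not code from the original post), the Python sketch below reads an IOS-style configuration and reports which prompts a vty login will present and whether the device is at risk of remote lockout, following the behaviour shown on R2 and R3 above. The sample configurations are constructed to resemble the lab, and the function name vty_login is hypothetical.

```python
import re

# Constructed configs modelled on the post's R3 (not copied from the figures).
R3_BEFORE = "hostname R3\n!\nline vty 0 4\n password login\n login\n"
R3_AAA_NO_USER = "hostname R3\naaa new-model\n!\nline vty 0 4\n password login\n"
R3_AAA_WITH_USER = ("hostname R3\naaa new-model\n"
                    "username netadmin secret 5 CONSTRUCTED-HASH\n"
                    "!\nline vty 0 4\n password login\n")


def vty_login(config):
    """Return (prompts, lockout_risk) for remote vty logins.

    lockout_risk is True when no credential can satisfy the prompt,
    False when one can, and None when this sketch cannot tell.
    """
    lines = config.splitlines()
    aaa = any(l.strip() == "aaa new-model" for l in lines)
    users = [m.group(1) for l in lines if (m := re.match(r"username (\S+)", l))]
    has_list = any(l.startswith("aaa authentication login") for l in lines)

    # Collect the sub-commands under "line vty ..." (indented lines).
    vty, in_vty = [], False
    for l in lines:
        if not l.startswith(" "):
            in_vty = l.startswith("line vty")
        elif in_vty:
            vty.append(l.strip())

    if aaa and has_list:
        # Explicit method lists are the "much more" the post does not cover.
        return ("per AAA method list", None)
    if aaa or "login local" in vty:
        # Local username database: the line password is ignored.
        return ("username+password", not users)
    if "login" in vty:
        # Line password only; with no password set, IOS refuses the login.
        return ("password", not any(c.startswith("password ") for c in vty))
    return ("none", False)


if __name__ == "__main__":
    for name, cfg in [("before", R3_BEFORE),
                      ("aaa, no user", R3_AAA_NO_USER),
                      ("aaa, with user", R3_AAA_WITH_USER)]:
        print(name, vty_login(cfg))
```

Running a check like this against a candidate configuration before typing aaa new-model on a production device shows whether a local username exists to log back in with.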

If you have questions or comments, please feel free to post them!

 

Until next time…

Mark Jacob
Cisco and CompTIA Network + Instructor – Interface Technical Training
Phoenix, AZ
