What does aaa new-model do to your Cisco logins?
It has been a long time since I have thought about aaa new-model as a Cisco configuration, mainly because it is not in the CCNA Routing and Switching official curriculum. However, once you attain your certification and become gainfully employed as a network admin, you will likely be exposed to enterprise networks which employ this method of controlling remote access to the Cisco gear. In this blog I will provide an introductory to look at how this command impacts login activities on a couple of Cisco routers.
I labbed it up in GNS3, and here is a view of my topology:
Figure 1
As you can see, I am fond of annotating my topologies, both to follow proper documentation procedures, and also to remind myself what I was doing the next time I launch this topology! I have the Windows 7 box running in Oracle Virtual Box (check out my GNS3 VirtualBox video blog on how to do this if you wish, as the process is similar for Windows 7) just to be able to initiate remote connections to my two routers, so let’s log in to R2. I have a username/password configured and I have issued the command login local on my vty lines. Let’s see what credentials I must supply to gain access:
Figure 2
As is typical, there is no output to the console when typing the password, nevertheless, I must have typed it correctly to gain access. Once again, this is with a username/password and login local configured. On R3, all I have on my vty lines is a password and the login command. Let’s see the difference in the login procedure:
Figure 3
As you can see, I was only required to provide a password – there was no request for a valid user name. The password that I typed was the word ‘login’. Now I will access R3 and from global configuration mode I will issue the command aaa new-model. Then I will examine the config on my vty lines:
Figure 4
Note that the configuration on my vty lines only mentions the password, which I stated previously was the word ‘login.’
Let’s log in again and see what ONLY THAT CHANGE does to the login process:
Figure 5
Now I am once again required to provide both a user name and a password to gain access. Incidentally, the password of “login” no longer works. I must use the password (secret) associated with the user name netadmin in order to pass authentication.
There is much much more that can be done once you have enabled aaa new-model, but as I said, I just wanted to scratch the surface and show that just typing the command with no additional configuration will have an impact on the device. That being said, don’t forget to create the username/password combination so that once you have issued the command, you are still able to remotely access the device.
If you have questions or comments, please feel free to post them!
Until next time…
Mark Jacob
Cisco and CompTIA Network + Instructor – Interface Technical Training
Phoenix, AZ
Agile Methodology in Project Management
In this video, you will gain an understanding of Agile and Scrum Master Certification terminologies and concepts to help you make better decisions in your Project Management capabilities. Whether you’re a developer looking to obtain an Agile or Scrum Master Certification, or you’re a Project Manager/Product Owner who is attempting to get your product or … Continue reading Agile Methodology in Project Management
An Overview of Office 365 – Administration Portal and Admin Center
This is part 1 of our 5-part Office 365 free training course. In this Office 365 training video, instructor Spike Xavier introduces some of the most popular services found in Microsoft Office 365 including the Admin Portal and Admin Center. For instructor-led Office 365 training classes, see our course schedule: Spike Xavier SharePoint Instructor – … Continue reading An Overview of Office 365 – Administration Portal and Admin Center
Identifying and Fixing Misconfigured Subnet Masks in Your Network Environment
In this video, Cisco CCNA instructor Mark Jacob show how to find and fix misconfigured subnet masks in a typical IT network environment. Mark Jacob Cisco and CompTIA Network + Instructor – Interface Technical Training Phoenix, AZ
Write a Comment
See what people are saying...
Share your thoughts...
Pingback: How to Add RADIUS to Your Cisco Logins