Unable to type in AS5300 telnet session

Discussion in 'Cisco' started by Matt, Jun 4, 2004.

  1. Matt

    Matt Guest

    Hi,
    I have an as5300 which I can console into fine.

    However.. if I try to telnet into it I get:

    Password:

    and I can't type or do anything.

    If I dial into it it says:

    Username: (I enter my username)
    Password: (I enter my password)

    It says %authentication failure
    and disconnects.

    Any ideas?
     
    Matt, Jun 4, 2004
    #1
    1. Advertising

  2. Matt

    mh Guest

    Connect to the AS5300 via the console, display the config and look at
    the "line config commands which are at the end of the config.

    The box must have aaa authentication enabled using local username and
    passwords or authenticating to a TACACS or RADIS server.

    If local authentication is enabled then you will see something like
    the following listed in your config:


    line con 0

    line vty 0 4
    login local
     
    mh, Jun 6, 2004
    #2
    1. Advertising

  3. Matt

    Matt Guest

    This is what I'm seeing:

    aaa authentication login SECURE group radius enable
    aaa authentication login CONSOLE local
    aaa authentication login AUX group radius enable
    aaa authentication login VTY line
    aaa authentication login vty line
    aaa authentication ppp default if-needed group radius local
    aaa authentication ppp enable group radius
    aaa authentication ppp radius group radius
    aaa authorization exec default group radius if-authenticated
    aaa authorization network default group radius if-authenticated
    aaa accounting exec default start-stop group radius
    aaa accounting network default start-stop group radius
    aaa session-id common

    ---other stuff -- snip ---

    !
    line con 0
    password 7 [removed]
    login authentication CONSOLE
    line 1 192
    exec-timeout 0 0
    no flush-at-activation
    modem InOut
    modem autoconfigure type mica2940
    rotary 1
    transport input all
    autoselect during-login
    autoselect ppp
    line aux 0
    line vty 0
    exec-timeout 2 0
    password 7 [removed]
    login authentication VTY
    transport input telnet
    line vty 1 4
    exec-timeout 2 0
    password 7 0008060850565B08
    login authentication VTY
    transport input telnet
    !
    !
    end


    As far as I can tell this is the same config that is on our other access
    servers and it works just fine there.
     
    Matt, Jun 7, 2004
    #3
  4. Matt

    Troy Fiddler Guest

    When you dial into it, I think the Username/Password prompt is a
    consequence of using the autoselect during-login command. Could it be
    that the authentication method you expect to be used is not the one
    actually used. Recheck the aaa authentication ppp commands?

    Matt wrote:

    > This is what I'm seeing:
    >
    > aaa authentication login SECURE group radius enable
    > aaa authentication login CONSOLE local
    > aaa authentication login AUX group radius enable
    > aaa authentication login VTY line
    > aaa authentication login vty line


    If you just want to use the line password (without using any aaa
    specific functionality) you could just replace login authentication with
    a straight login under your line vty configuration commands.

    To hazard a guess as to why this config will not accept a telnet
    connection - it could be that you have two seprate line passwords
    configured for vty (one for line vty 0, another for line vty 1 -4). aaa
    might then be confused as to which line password to use. Other
    suggestions: call your listname anything other than VTY (for example,
    telnet1 or telnet2)

    >
    > aaa authentication ppp default if-needed group radius local
    > aaa authentication ppp enable group radius
    > aaa authentication ppp radius group radius
    > aaa authorization exec default group radius if-authenticated
    > aaa authorization network default group radius if-authenticated
    > aaa accounting exec default start-stop group radius
    > aaa accounting network default start-stop group radius
    > aaa session-id common
    >
    > ---other stuff -- snip ---
    >
    > !
    > line con 0
    > password 7 [removed]
    > login authentication CONSOLE
    > line 1 192
    > exec-timeout 0 0
    > no flush-at-activation
    > modem InOut
    > modem autoconfigure type mica2940
    > rotary 1
    > transport input all
    > autoselect during-login
    > autoselect ppp
    > line aux 0
    > line vty 0
    > exec-timeout 2 0
    > password 7 [removed]
    > login authentication VTY
    > transport input telnet
    > line vty 1 4
    > exec-timeout 2 0
    > password 7 0008060850565B08
    > login authentication VTY
    > transport input telnet
    > !
    > !
    > end
    >
    >
    > As far as I can tell this is the same config that is on our other
    > access servers and it works just fine there.
     
    Troy Fiddler, Jun 15, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Matt
    Replies:
    1
    Views:
    816
    Aaron Leonard
    Feb 17, 2004
  2. BB
    Replies:
    1
    Views:
    429
    Hansang Bae
    Jan 4, 2005
  3. Replies:
    2
    Views:
    565
    Aaron Leonard
    Aug 5, 2005
  4. kalim
    Replies:
    0
    Views:
    1,089
    kalim
    Jul 12, 2007
  5. Replies:
    0
    Views:
    393
Loading...

Share This Page