Unable to type in AS5300 telnet session

Discussion in 'Cisco' started by Matt, Jun 4, 2004.

  1. Matt

    Matt Guest

    I have an AS5300 which I can console into fine.

    However, if I try to telnet into it I get:


    and I can't type or do anything.

    If I dial into it it says:

    Username: (I enter my username)
    Password: (I enter my password)

    It says %authentication failure
    and disconnects.

    Any ideas?
    Matt, Jun 4, 2004
  2. Matt

    mh Guest

    Connect to the AS5300 via the console, display the config and look at
    the "line" config commands which are at the end of the config.

    The box must have aaa authentication enabled using local username and
    passwords or authenticating to a TACACS or RADIUS server.

    If local authentication is enabled then you will see something like
    the following listed in your config:

    line con 0

    line vty 0 4
    login local
    mh, Jun 6, 2004
  3. Matt

    Matt Guest

    This is what I'm seeing:

    aaa authentication login SECURE group radius enable
    aaa authentication login CONSOLE local
    aaa authentication login AUX group radius enable
    aaa authentication login VTY line
    aaa authentication login vty line
    aaa authentication ppp default if-needed group radius local
    aaa authentication ppp enable group radius
    aaa authentication ppp radius group radius
    aaa authorization exec default group radius if-authenticated
    aaa authorization network default group radius if-authenticated
    aaa accounting exec default start-stop group radius
    aaa accounting network default start-stop group radius
    aaa session-id common

    ---other stuff -- snip ---

    line con 0
    password 7 [removed]
    login authentication CONSOLE
    line 1 192
    exec-timeout 0 0
    no flush-at-activation
    modem InOut
    modem autoconfigure type mica2940
    rotary 1
    transport input all
    autoselect during-login
    autoselect ppp
    line aux 0
    line vty 0
    exec-timeout 2 0
    password 7 [removed]
    login authentication VTY
    transport input telnet
    line vty 1 4
    exec-timeout 2 0
    password 7 0008060850565B08
    login authentication VTY
    transport input telnet

    As far as I can tell this is the same config that is on our other access
    servers and it works just fine there.
    Matt, Jun 7, 2004
  4. Matt

    Troy Fiddler Guest

    When you dial into it, I think the Username/Password prompt is a
    consequence of using the autoselect during-login command. Could it be
    that the authentication method you expect to be used is not the one
    actually used? Recheck the aaa authentication ppp commands?
    If you just want to use the line password (without using any aaa
    specific functionality) you could just replace login authentication with
    a straight login under your line vty configuration commands.

    To hazard a guess as to why this config will not accept a telnet
    connection - it could be that you have two separate line passwords
    configured for vty (one for line vty 0, another for line vty 1-4). aaa
    might then be confused as to which line password to use. Other
    suggestions: call your listname anything other than VTY (for example,
    telnet1 or telnet2)
    Troy Fiddler, Jun 15, 2004
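
Added example, not part of the thread and not Cisco tooling: a short Python audit that cross-references the `aaa authentication login` method lists in a config like the one posted above with the `login authentication` statement under each `line` block. The sample config is a constructed excerpt of the posted one, and the function name and report keys are hypothetical.

```python
import re

# Constructed sample: excerpt of the config posted in the thread, passwords omitted.
SAMPLE_CONFIG = """\
aaa authentication login SECURE group radius enable
aaa authentication login CONSOLE local
aaa authentication login AUX group radius enable
aaa authentication login VTY line
aaa authentication login vty line
line con 0
 login authentication CONSOLE
line 1 192
 autoselect during-login
line aux 0
line vty 0
 login authentication VTY
line vty 1 4
 login authentication VTY
"""

def audit_login_lists(config):
    """Cross-reference login method lists with the line blocks that use them."""
    defined = {}    # method list name -> ordered methods
    line_refs = {}  # line block header -> named list it references, or None
    current = None
    for raw in config.splitlines():
        text = raw.strip()
        m = re.match(r"aaa authentication login (\S+) (.+)", text)
        if m:
            defined[m.group(1)] = m.group(2).split()
        elif re.match(r"line \S+ \d+", text):
            current = text
            line_refs[current] = None
        elif current and text.startswith("login authentication "):
            line_refs[current] = text.split()[2]
    used = {name for name in line_refs.values() if name}
    by_folded = {}
    for name in defined:
        by_folded.setdefault(name.lower(), []).append(name)
    return {
        "undefined": sorted(used - set(defined) - {"default"}),
        "unreferenced": sorted(set(defined) - used),
        "case_variants": [v for v in by_folded.values() if len(v) > 1],
        "no_named_list": [l for l, n in line_refs.items() if n is None],
        "line_password_lists": sorted(n for n in used if defined.get(n) == ["line"]),
    }

if __name__ == "__main__":
    print(audit_login_lists(SAMPLE_CONFIG))
```

The report only describes how the lists and lines relate to each other; it does not establish the cause of the telnet or dial-in failures discussed in the thread.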
