
Cisco Login User and Password Configuration (SSH, RADIUS)



How to set a password

Host(config)#service password-encryption   <- Turn on password encryption

Host(config)#enable secret xxxxxxxxxx      <- Enable Password


Host(config)#line console 0                <- Console login password
Host(config-line)#password xxxxxxxxxx
Host(config-line)#login

Host(config)#line vty 0 4                <- Telnet login password
Host(config-line)#password xxxxxxxxxx
Host(config-line)#login


Close session with timeout

Console
Host(config)#line console 0
Host(config-line)#exec-timeout  60  0     <- 60 minutes

Telnet
Host(config-line)#line vty 0 4
Host(config-line)#exec-timeout  60  0     <- 60 minutes

Unlimited session timeout
Host(config-line)#exec-timeout  0  0

or

Host(config-line)#no exec-timeout


SSH - How to log in with SSH

Host# conf t
Host(config)# username  <USER>  password <PASS>
Host(config)# show user-account

Host(config)# aaa new-model

Host(config)# ip domain-name example.com
Host(config)# hostname test1
test1(config)# ip ssh version 2
test1(config)# crypto key generate rsa
How many bits in the modulus [512]: 2048
Host(config)# username  <USER>  password <PASS>
Host(config)# username  <USER>  password <PASS> role <ROLE>


Make the connection SSH only
test1(config)# line vty 0 4
test1(config-line)# transport input ssh


RADIUS - How to log in with RADIUS server authentication

RADIUS -> Local Auth

Fall back to local authentication when the RADIUS server goes down.

IOS

aaa new-model

aaa authentication login AUTHENTICATION-LINE line
aaa authentication login AUTHENTICATION-RADIUS group radius local
! EXEC shell access is an authorization method list, not an authentication one
aaa authorization exec AUTHENTICATION-RADIUS group radius local


! L3 switch: interface used as the source of RADIUS packets
ip radius source-interface VlanXXXX


radius server RADIUS1
 ! auth-port and acct-port must match the ports the RADIUS server listens on
 address ipv4 192.168.1.100 auth-port 1654 acct-port 1646
 key XXXXX


line con 0
 login authentication AUTHENTICATION-LINE

line vty 0 15
 authorization exec AUTHENTICATION-RADIUS
 login authentication AUTHENTICATION-RADIUS

IOS with VRF

aaa new-model


aaa group server radius management
 server-private 192.168.1.100 key XXXXX
 ip vrf forwarding  XXXXXXX
 ip radius source-interface VlanXXX


aaa authentication login AUTHENTICATION-LINE line
aaa authentication login AUTHENTICATION-RADIUS group management local
! EXEC shell access is an authorization method list, not an authentication one
aaa authorization exec AUTHENTICATION-RADIUS group management local


line con 0
 login authentication AUTHENTICATION-LINE

line vty 0 15
 authorization exec AUTHENTICATION-RADIUS
 login authentication AUTHENTICATION-RADIUS
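
Checking a saved running-config for the settings above

The script below is an added example, not part of the original page. It flags local users stored with "password" (plaintext or reversible type 7) instead of "secret", login method lists that use a server group without a local fallback, lines with the idle timeout disabled, and vty lines not restricted to SSH. The sample config and every value in it are constructed.

```python
import re

# Constructed sample running-config (not from a real device).
SAMPLE = """\
service password-encryption
username admin password 7 XXXXXXXXXX
username ops secret 9 $9$constructed
aaa authentication login AUTHENTICATION-RADIUS group radius
line con 0
 exec-timeout 0 0
line vty 0 4
 exec-timeout 60 0
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def parse_lines(config):
    """Group sub-commands under their 'line ...' header."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = " ".join(raw.split())
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(" ".join(raw.split()))
        else:
            current = None
    return blocks

def audit(config):
    """Return sorted (location, finding) tuples for weak settings."""
    findings = []
    for m in re.finditer(r"^username\s+(\S+)\s+password\b", config, re.M):
        # 'password' is stored plaintext or type 7 (reversible); 'secret' is hashed
        findings.append(("username " + m.group(1), "use 'secret' instead of 'password'"))
    for m in re.finditer(r"^aaa authentication login (\S+) (.+)$", config, re.M):
        methods = m.group(2).split()
        if "group" in methods and not {"local", "local-case"} & set(methods):
            findings.append((m.group(1), "no local fallback if the server is down"))
    for header, cmds in parse_lines(config).items():
        if "exec-timeout 0 0" in cmds or "no exec-timeout" in cmds:
            findings.append((header, "idle sessions never time out"))
        if header.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append((header, "not restricted to SSH"))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"{w}: {f}" for w, f in audit(SAMPLE)))
```

The vty check expects an explicit "transport input ssh" on every vty range, so a range such as 5 15 that was left out of the "line vty 0 4" block is reported as well.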