No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FAQ-can not telnet to login SVN3000 device

Publication Date:  2012-11-01 Views:  108 Downloads:  0
Issue Description
Configure that VTY 0-4 terminal use the aaa authentication, aaa user password is correct, user level is level 3, but when login prompt the user password error.
1. Configure vty 0-4 terminal use aaa authentication
[SVN3000-ui-vty0-4]dis this                                                                                                                
user-interface con 0                                                          
authentication-mode none                                                     
set authentication password simple Admin@123                                 
idle-timeout 0 0                                                              
user-interface vty 0 4                                                        
authentication-mode aaa  
2. Configure aaa username, password and level
[SVN3000-aaa]dis this
aaa                                                                                                         
local-user admin password simple Admin@123                                   
local-user admin level 3                     
3.  Check the use type is ALL, have the telnet login right: [SVN3000-aaa]dis local-user


4.  Try to login SVN device, but login error:


Alarm Information
none
Handling Process
The default authentication scheme configuration error lead to the user without inquiring the user password from aaa users when telnet login, so login failure, can through the following operation to solve problem:

1 through the serial port login device
2 enter the authentication-scheme default view
[SVN3000]aaa
[SVN3000-aaa]authentication-scheme default   
[SVN3000-aaa-authen-default]                                                                                                        
3 modify the authentication-mode as local in the the authentication-scheme default view(default configuration,do not generate current-configuration)
[SVN3000-aaa-authen-default]authentication-mode local
4 after modify the configuration, check the configuration under the aaa view:
[SVN3000-aaa]dis th                                                            
#                                                                             
aaa                                                                                                              
local-user admin password simple Admin@123                                    
local-user admin level 3                                                     
authentication-scheme default ----default local authentication do not display configuration                                               
authentication-scheme vt1.scm                                                
  authentication-mode  vpndb                                                  
authentication-scheme vt2.scm                                                
  authentication-mode  vpndb                                                  
#                                                                             
authorization-scheme default                                                  
authorization-scheme vt1.scm                                                 
  authorization-mode  vpndb                                                   
authorization-scheme vt2.scm                                                 
  authorization-mode  vpndb        
5 telnet login SVN again,and login success.


Root Cause
Check aaa view configuration,find the default authentication is set as vpndb aaa                                                                            
local-user admin password simple Admin@123                                   
local-user admin level 3                                                     
authentication-scheme default                                                
  authentication-mode  vpndb                                                  
authentication-scheme vt1.scm                                                
  authentication-mode  vpndb                                                  
authentication-scheme vt2.scm                                                
  authentication-mode  vpndb                                                  
#                                                                             
authorization-scheme default                                                  
authorization-scheme vt1.scm                                                 
  authorization-mode  vpndb                                                   
authorization-scheme vt2.scm                                                  
  authorization-mode  vpndb                                                   
#                                                                             
domain default                                                                
domain vt1.dom                                                               
  authentication-scheme  vt1.scm                                              
  authorization-scheme vt1.scm                                                 
  radius-server vt1.tpl                                                       
  ldap-server vt1.tpl                                                         
  securid-server vt1.tpl                                                      
  ad-server vt1.tpl
Suggestions
If the serial port is also set as aaa authentication, can only export the configuration file, manually modify the above configuration, and then import to device. After restart, it becomes effective.

END