Cisco – Is a VTY Password Required with Login Local Set?

Tags: cisco, ssh, switch

I am trying to configure the switch to have both telnet and ssh.
From what I understand, the "login local" command will tell the switch to ask for the username and password I've configured using

username {name} secret {password}

From what I've learned about vty, if no password is configured in (config-line)# mode (in vty), I will get an error.

So my questions are:

  • Will I get an error if I am using "login local" + username & secret without a configured vty password?
  • Assuming I've set vty to "login local", I've given it a vty line password, and
    I gave the switch a username & secret with "username {name} secret {password}", when I telnet will it ask me for the vty line password or the username & secret?

So basically the subject is: does the "login local" command in the vty lines set all (in telnet and ssh) login requirements to be the username & secret, and if so, do I need to give the vty line a password in order for it to work?

Best Answer

line vty 0 4
  login
  password vtypw

The login command tells the Router to authenticate all incoming virtual terminal sessions (telnet, ssh, etc.) via the password set within line vty 0 4. In the case above, it means use vtypw.

username teddy password teddybear

line vty 0 4
  login local

The login local command tells the Router to authenticate all incoming virtual terminal sessions via the local username database -- aka, users created using the username XXX password YYY command.

Using login local skips the checking and validating against the VTY password set within line vty 0 4. Therefore, you do not need a password within line vty 0 4 if you have login local set.


Will I get an error if I am using "login local" + username & secret without a configured vty password?

No, no errors. I just tested it in GNS3.

Assuming I've set vty to "login local", I've given it a vty line password, and I gave the switch a username & secret with "username {name} secret {password}", when I telnet will it ask me for the vty line password or the username & secret?

It will ask you for a username and expect the one from the local username database. Using the vty line password will not allow you access to the device.
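
The following Python function is an added example, not code from the question or the answer: it reads a saved configuration and reports, for each line vty block, which credential source is in effect under the rules described in the answer above. It assumes AAA (aaa new-model) is not enabled; the function name, the sample configuration and the wording of the notes are constructed for illustration.

```python
import re

# Constructed sample config for this example (not from the original post).
SAMPLE = """\
username teddy password teddybear
line vty 0 4
 password vtypw
 login local
line vty 5 15
 login
"""

def audit_vty(config):
    """Map each 'line vty' block to (auth source, notes), without AAA."""
    users, blocks, cur = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():          # unindented line closes any open block
            cur = None
        m = re.match(r"username (\S+) (?:privilege \d+ )?(secret|password) ", line)
        if m:
            users[m.group(1)] = m.group(2)
        elif line.startswith("line vty"):
            # Assumption: plain 'login' is the vty default when none is listed.
            cur = blocks.setdefault(line, {"mode": "line", "pw": False})
        elif cur is not None:
            if line == "login local":
                cur["mode"] = "local"      # local username database
            elif line == "login":
                cur["mode"] = "line"       # line password
            elif line == "no login":
                cur["mode"] = "none"       # no credential check at all
            elif line.startswith("password "):
                cur["pw"] = True
    report = {}
    for name, b in blocks.items():
        notes = []
        if b["mode"] == "local":
            if b["pw"]:
                notes.append("line password set but not checked")
            if not users:
                notes.append("no local usernames defined")
            notes += [f"user {u} stored with 'password', not 'secret'"
                      for u, kind in users.items() if kind == "password"]
        elif b["mode"] == "line" and not b["pw"]:
            notes.append("login set but no line password")
        elif b["mode"] == "none":
            notes.append("no authentication on this line")
        report[name] = (b["mode"], notes)
    return report
```

Calling audit_vty(SAMPLE) shows the first block authenticating against the local user database with its line password unused, and the second block requiring a line password that was never set.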