I am trying to configure the switch to have both telnet and ssh.
From what I understand, the "login local" command will tell the switch to ask for the username and password I've configured using
username {name} secret {password}
From what I've learned about vty, if no password is configured in (config-line)# mode (in vty), I will get an error.
So my questions are:
- Will I get an error if I am using "login local" + username & secret without a configured vty password?
- Assuming I've set vty to "login local", I've given it a vty line password, and I gave the switch a username & secret with "username {name} secret {password}", when I telnet will it ask me for the vty line password or the username & secret?
So basically the subject is: "Does the login local command in the vty lines set all (in telnet and ssh) login requirements to be the username & secret, and if so, do I need to give the vty line a password in order for it to work?"
Best Answer
The `login` command tells the Router to authenticate all incoming virtual terminal sessions (telnet, ssh, etc) via the password set within `line vty 0 4`. In the case above, it means use `vtypw`.

The `login local` command tells the Router to authenticate all incoming virtual terminal sessions via the local username database -- aka, users created using the `username XXX password YYY` command.

Using `login local` skips the checking and validating against the VTY password set within `line vty 0 4`. Therefore, you do not need a `password` within `line vty 0 4` if you have `login local` set.

No, no errors. I just tested it in GNS3.

It will ask you for a username and expect the one from the local username database. Using the vty line password will not allow you access to the device.
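
The distinction drawn in the answer above can be checked mechanically against a saved configuration. The following is an added example, not part of the original post or of any Cisco tooling: it reads text in `show running-config` layout and reports, per vty range, which credential is checked at login. The function names `vty_blocks` and `audit_vty`, the verdict strings, and the sample configuration are all constructed for illustration.

```python
import re

# Constructed sample in `show running-config` layout (not from the original post).
SAMPLE_CONFIG = """\
username admin secret 5 $1$constructed$placeholderhash
!
line con 0
line vty 0 4
 password vtypw
 login local
 transport input telnet ssh
line vty 5 15
 login
 transport input telnet ssh
!
"""

def vty_blocks(config):
    """Map each 'line vty ...' header to the list of sub-commands under it."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):      # any top-level line closes the block
            current = line.strip() if line.startswith("line vty ") else None
            if current:
                blocks[current] = []
        elif current:
            blocks[current].append(line.strip())
    return blocks

def audit_vty(config):
    """Report which credential each vty range checks at login."""
    has_user = re.search(
        r"^username \S+ (?:privilege \d+ )?(?:secret|password) ", config, re.M
    ) is not None
    report = {}
    for name, cmds in vty_blocks(config).items():
        has_pw = any(c.startswith("password ") for c in cmds)
        if "login local" in cmds:         # line password, if any, is not consulted
            report[name] = "local-users" if has_user else "local-users-missing"
        elif "login" in cmds:             # line password is the only credential
            report[name] = "line-password" if has_pw else "line-password-missing"
        elif "no login" in cmds:
            report[name] = "no-authentication"
        else:
            report[name] = "unspecified"
    return report

if __name__ == "__main__":
    for vty, verdict in audit_vty(SAMPLE_CONFIG).items():
        print(f"{vty}: {verdict}")
```

In the sample, `line vty 0 4` authenticates against the local user database even though `password vtypw` is present, while `line vty 5 15` has `login` with no line password, which is the case where IOS refuses the session with "Password required, but none set".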