Setting Up User IDs

Problem

You want to assign individual (or group) user IDs and passwords to network staff.

Solution

To enable locally administered user IDs, use the following set of configuration commands:

Router1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#username ijbrown password oreilly
Router1(config)#username kdooley password cookbook
Router1(config)#aaa new-model
Router1(config)#aaa authentication login local_auth local
Router1(config)#line vty 0 4
Router1(config-line)#login authentication local_auth
Router1(config-line)#exit
Router1(config)#end
Router1#

The username command also allows you to create usernames without passwords by specifying the nopassword keyword:

Router1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#username weak nopassword
Router1(config)#aaa new-model
Router1(config)#aaa authentication login default local
Router1(config)#end
Router1#

However, we strongly recommend against doing this because it can severely weaken the router’s security.

Discussion

Enabling locally administered usernames overrides the default VTY password-based authentication system. When you enable the aaa new-model command, as shown in this recipe, the router will immediately begin to prompt for usernames as well as passwords. Assigning unique usernames to individuals or groups provides accountability, as we will show later. The following example shows the login prompt for a router using ...

Get Cisco IOS Cookbook, 2nd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.