hi guys

the following is my configuration

aaa new-model
aaa authentication login ADMIN local
aaa authentication login USER local
!
username admin password 0 admin
username cisco password 0 cisco
.
.
.
.
line con 0
exec-timeout 0 0
logging synchronous
login authentication ADMIN
line aux 0
line vty 0 1
login authentication USER
line vty 2 4
!
end

and tested the authentication configuration on both connection (console and telnet), as the configuration i expected that if i connect to router using line telnet i only can use the username cisco and password cisco. and if i connect using console the username admin and password admin will be use to it, but the fact both line can user both username and password.

is my configuration correct or not to get my goal ?

Both of your authentication methods specify local. The local database has 2 users in it. Therefore both of your authentication methods are identical.

See, there's no relationship between the ADMIN authentication method, and the admin user. Just because you named them the same doesn't mean that they are related.

_________________
blog.brokennetwork.ca

what exactly purpose of "WORD" inside of aaa authentication login "WORD" command ? is there any example configuration which using different name of authentication methode ?

The purpose is to have different order of authentication methods. Both of the lists you created used the exact same authentication method: local. An example is if you wanted to have you SSH authenticate via RADIUS, and you wanted your HTTP to authenticate via the local database.

_________________
blog.brokennetwork.ca

i undestand now. thanks