This should be a no-brainer for anyone preparing for the CCIE lab exam (I'll not elaborate why, but you could guess), but here it is for the benefits of everyone else: if you want to enable AAA on Cisco IOS but still retain local usernames (at least for the console access), this is how you do it:
- Define local usernames with username xxx password yyy command (I would prefer the secret option if your IOS supports it).
- Configure aaa new-model.
- Configure a named AAA authentication list with the aaa authentication login MyList local.
- Attach the named AAA authentication list to the console line with the login authentication MyList command.
Note: this article is part of You've asked for it series.