From: Ron.Fuller@xxxxxx
Date: Wed Jan 17 2001 - 09:00:52 GMT-3
Devender,
I am using a 2510 running IOS 11.2(5). Does it not work anyway with
the local-override command?
According to CCO:
To configure the Cisco IOS software to check the local user database for
authentication before attempting another form of authentication, use the
aaa authentication local-override global configuration command. Use the no
form of this command to disable the override.
This command is useful when you want to configure an override to the normal
authentication process for certain personnel such as system administrators.
When this override is set, the user is always prompted for the username.
The system then checks to see if the entered username corresponds to a
local account. If the username does not correspond to one in the local
database, login proceeds with the methods configured with other aaa
commands (such as aaa authentication login). Note that when using this
command Username: is fixed as the first prompt.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios112/112cg_cr/2rbook
/2raaa.htm#xtocid1573
Ron Fuller, CCIE #5851, CCDP, CCNP-ATM, CCNP-Security, CCNP-Voice, MCNE
3X Corporation
rfuller@3x.com
Devender Singh
<devender.singh@cmc.c To: Ron.Fuller@3x.com, Dev
ender Singh <devender.singh@cmc.cwo.net.au>
wo.net.au> cc: "CCIELIST (E-mail)" <c
cielab@groupstudy.com>, "Jason T. Rohm"
<jtrohm@athenet.net>, nobody@g
roupstudy.com
01/17/2001 04:16 AM Subject: RE: Reverse Telne
t AAA
Ron,
I tried this one on my 2511 running IOS 12.0(9) and the option
local-override does not appear. What IOS and Box are you using
cheers
-----Original Message-----
From: Ron.Fuller@3x.com [mailto:Ron.Fuller@3x.com]
Sent: Tuesday, 16 January 2001 22:15
To: Devender Singh
Cc: CCIELIST (E-mail); Jason T. Rohm; nobody@groupstudy.com
Subject: RE: Reverse Telnet AAA
Here's what I use on my terminal server:
aaa new-model
aaa authentication local-override
aaa authentication login default none
aaa authentication login telnet local
:
:
line vty 0 4
login authentication telnet
I have no login authentication string setup for the lines 1-8.
HTH!
Ron Fuller, CCIE #5851, CCDP, CCNP-ATM, CCNP-Security, CCNP-Voice, MCNE
3X Corporation
rfuller@3x.com
Devender Singh
<devender.singh@cmc.c To: "Jason T. Rohm"
<jtrohm@athenet.net>, "CCIELIST (E-mail)"
wo.net.au> <ccielab@groupstudy.com>
Sent by: cc:
nobody@groupstudy.com Subject: RE: Reverse
Telnet AAA
01/15/2001 09:13 PM
Please respond to
Devender Singh
That is a very good question. Best I could do is to make it use local
user/pass combination( don't use default for this one).
cheers
-----Original Message-----
From: Jason T. Rohm [mailto:jtrohm@athenet.net]
Sent: Tuesday, 16 January 2001 2:31
To: CCIELIST (E-mail)
Subject: Reverse Telnet AAA
I am having problems with my AAA on my terminal server.
I want to keep AAA (username + password) authentication on my terminal
server, but would like to disable the authentication when I reverse telnet
to my routers.
Does anyone know how to accomplish this?
Thank you,
Jason T. Rohm
Sr. Network Engineer
Wire Technologies, Inc
jtrohm@wiretech-inc.com
(920) 766-5172
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:32 GMT-3