RE: Reverse Telnet AAA

From: Bernard Dunn (dunn@xxxxxxxxx)
Date: Wed Jan 17 2001 - 09:25:19 GMT-3

• Next message: Balcerzak, Bart (Lucent): "date swap"
• Previous message: David FAHED: "Re: OSPF/IGRP redistribution and default-network"
• Maybe in reply to: Jason T. Rohm: "Reverse Telnet AAA"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

The config below is for 11.2 IOS. The 'local-override' meant all lists had
to check local first.

But since 11.3, when configuring aaa authentication lists, you can have
'local' as the first method checked, as part of the argument...

ie:

11.2:
aaa new-model
aaa authentication local-override
aaa authentication login default radius none

is equal to

11.3
aaa new-model
aaa authentication login default local radius none

=========
but more flexible:

11.3
aaa new-model
aaa authentication login default radius local none

Regards

Bernard.

On Wed, 17 Jan 2001, Devender Singh wrote:

> Ron,
>
> I tried this one on my 2511 running IOS 12.0(9) and the option
> local-override does not appear. What IOS and Box are you using
>
> cheers
> -----Original Message-----
> From: Ron.Fuller@3x.com [mailto:Ron.Fuller@3x.com]
> Sent: Tuesday, 16 January 2001 22:15
> To: Devender Singh
> Cc: CCIELIST (E-mail); Jason T. Rohm; nobody@groupstudy.com
> Subject: RE: Reverse Telnet AAA
>
>
>
> Here's what I use on my terminal server:
>
> aaa new-model
> aaa authentication local-override
> aaa authentication login default none
> aaa authentication login telnet local
> :
> :
> line vty 0 4
> login authentication telnet
>
> I have no login authentication string setup for the lines 1-8.
>
> HTH!
>
> Ron Fuller, CCIE #5851, CCDP, CCNP-ATM, CCNP-Security, CCNP-Voice, MCNE
> 3X Corporation
> rfuller@3x.com
>
>
>
>
> Devender Singh
>
> <devender.singh@cmc.c To: "Jason T. Rohm"
> <jtrohm@athenet.net>, "CCIELIST (E-mail)"
> wo.net.au> <ccielab@groupstudy.com>
>
> Sent by: cc:
>
> nobody@groupstudy.com Subject: RE: Reverse
> Telnet AAA
>
>
>
>
> 01/15/2001 09:13 PM
>
> Please respond to
>
> Devender Singh
>
>
>
>
>
>
>
>
>
> That is a very good question. Best I could do is to make it use local
> user/pass combination( don't use default for this one).
>
> cheers
>
> -----Original Message-----
> From: Jason T. Rohm [mailto:jtrohm@athenet.net]
> Sent: Tuesday, 16 January 2001 2:31
> To: CCIELIST (E-mail)
> Subject: Reverse Telnet AAA
>
>
> I am having problems with my AAA on my terminal server.
>
> I want to keep AAA (username + password) authentication on my terminal
> server, but would like to disable the authentication when I reverse telnet
> to my routers.
>
> Does anyone know how to accomplish this?
>
> Thank you,
>
> Jason T. Rohm
> Sr. Network Engineer
> Wire Technologies, Inc
> jtrohm@wiretech-inc.com
> (920) 766-5172
>

• Next message: Balcerzak, Bart (Lucent): "date swap"
• Previous message: David FAHED: "Re: OSPF/IGRP redistribution and default-network"
• Maybe in reply to: Jason T. Rohm: "Reverse Telnet AAA"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:32 GMT-3