RE: aaa new-model (what is behind)

From: Volkov Dmitry (dmitry.volkov@rogers.com)
Date: Tue Nov 04 2003 - 17:14:04 GMT-3


Well, I think I have the answer to my question. As usual I got it from the doc CD ;)
The stuff below explains what You get when You just enable "aaa new-model"

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/faaacr/srfathen.htm

1) aaa authentication login:
Defaults:
If the default list is not set, only the local user database is checked.
This has the same effect as the following command:
aaa authentication login default local

--------------------------------------------------------------------------------
Note: On the console, login will succeed without any authentication checks if default is not set.

2) aaa authentication enable default:

If the default list is not set, only the enable password is checked. This has the same effect as the following command: aaa authentication enable default enable

On the console, the enable password is used if it exists. If no password is set, the process will succeed anyway.

3) aaa authentication ppp: Defaults

If the default list is not set, only the local user database is checked. This has the same effect as that created by the following command: aaa authentication ppp default local

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/faaacr/srfauth.htm

aaa authorization: Defaults

Authorization is disabled for all actions (equivalent to the method keyword none).

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/faaacr/srfacct.htm

aaa accounting: Defaults

AAA accounting is disabled

Dmitry

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of Volkov Dmitry
> Sent: Tuesday, November 04, 2003 1:58 PM
> To: 'Szabo, Vilmos'
> Cc: security@groupstudy.com; ccielab@groupstudy.com
> Subject: RE: aaa new-model (what is behind)
>
> Vilmos,
> I talked not about commands appeared in config but about behavior.
> I boot router, place "aaa new-model" and this essentially makes
> "aaa authentication login default local" for vty access and
> "aaa authentication login default none" for console access.
> There are no such commands in config, however they are implicitly there
> (my assumption is based on debug and access attempts)
> I was wondering whether something else "enabled" by just placing "aaa new-model"
>
> Thank You,
> Dmitry
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of Szabo, Vilmos
> > Sent: Tuesday, November 04, 2003 4:55 AM
> > To: 'Volkov Dmitry'; security@groupstudy.com
> > Cc: ccielab@groupstudy.com
> > Subject: RE: aaa new-model (what is behind)
> >
> > Dmitry,
> >
> > I think what you experienced is invoking previously configured aaa commands
> > automatically.
> > My practice shows that every time when I disabled aaa function with
> > 'no aaa new-model' and later reenabled it with 'aaa new-model' then the
> > earlier used aaa commands were put back in the config.
> >
> > Is your case similar?
> >
> > Vilmos
> >
> > -----Original Message-----
> > From: Volkov Dmitry [mailto:dmitry.volkov@rogers.com]
> > Sent: 04 November 2003 00:10
> > To: security@groupstudy.com
> > Cc: ccielab@groupstudy.com
> > Subject: aaa new-model (what is behind)
> >
> > Hi,
> >
> > What does happen when we enable AAA with command "aaa new-model" ?
> > It seems that as soon as I put "aaa new-model", it implicitly "creates" the
> > following login authentication method lists:
> >
> > "aaa authentication login default local" for vty access
> > and "aaa authentication login default none" for console access
> >
> > What else does it enable implicitly ?
> >
> > Thanks,
> > Dmitry
> >
> > _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
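An added example, not part of the original message or of Cisco's documentation: a small Python audit that reads a running-config and reports which of the AAA areas listed in the message are left on their implicit defaults once "aaa new-model" is enabled. The function name `audit_aaa` and the sample configuration are constructed for illustration.

```python
# Implicit behaviour with "aaa new-model" enabled and no list configured,
# as quoted in the message above from the IOS 12.2 command reference.
IMPLICIT = {
    "authentication login": "local user database only; console login "
                            "succeeds without any authentication checks",
    "authentication enable": "enable password only; on the console it "
                             "succeeds even if no password is set",
    "authentication ppp": "local user database only",
    "authorization": "disabled for all actions (same as method 'none')",
    "accounting": "disabled",
}

def audit_aaa(config):
    """Return {AAA area: implicit behaviour} for every area left unconfigured."""
    lines = [ln.strip() for ln in config.splitlines()]
    if "aaa new-model" not in lines:
        return {}  # these defaults only apply once AAA is enabled
    findings = {}
    for area, behaviour in IMPLICIT.items():
        if area.startswith("authentication"):
            # authentication falls back unless a *default* list is defined
            prefix = f"aaa {area} default "
        else:
            # authorization/accounting stay off until any list is defined
            prefix = f"aaa {area} "
        if not any(ln.startswith(prefix) for ln in lines):
            findings[area] = behaviour
    return findings

# Constructed sample running-config: only the login default list is explicit.
SAMPLE_CONFIG = """\
hostname R1
aaa new-model
aaa authentication login default group tacacs+ local
line con 0
line vty 0 4
"""

if __name__ == "__main__":
    for area, behaviour in audit_aaa(SAMPLE_CONFIG).items():
        print(f"aaa {area}: implicit -> {behaviour}")
```

The check only looks at default lists; a named list applied to a specific line (for example with "login authentication" under "line con 0") is not evaluated.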



This archive was generated by hypermail 2.1.4 : Fri Dec 12 2003 - 12:29:08 GMT-3