From: Volkov Dmitry (dmitry.volkov@rogers.com)
Date: Sun Nov 09 2003 - 15:04:40 GMT-3
Method 1) is a security hole.
The combination "local none" is wrong.
You should remove "none"; until you do, any username which does NOT exist
in the local database will provide you access to the VTY.
http://www.cisco.com/en/US/products/hw/univgate/ps505/products_implementation_design_guide_chapter09186a00800b5355.html#xtocid4
Dmitry
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On
> Behalf Of Pun, Alec CL
> Sent: Sunday, November 09, 2003 6:39 AM
> To: gs (E-mail)
> Subject: VTY authentication
>
>
> If I am asked to enable authentication on VTY, what is the difference between
> the following two methods? The answer seems to prefer the AAA one.
>
> thanks
> alec
>
>
> Method 1)
> aaa new-model
> aaa authentication login TELNET local none
> username Cisco password 0 CCIE
> line vty 0 4
> login authentication TELNET
> !
>
> Method 2)
> username Cisco password 0 CCIE
> line vty 0 4
> login local
> !
>
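
An added example, not part of the original thread and not Cisco tooling: a Python check that scans an IOS configuration for `aaa authentication login` method lists containing `none` (the problem the reply points out in Method 1) and reports which lines use them. The sample configuration is constructed from Method 1 plus a hypothetical `CONSOLE` list, and the function name `audit_login_lists` is an assumption.

```python
import re

# Constructed sample: Method 1 from the thread, plus a hypothetical CONSOLE
# list and console line added here to show a list that is not flagged.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login TELNET local none
aaa authentication login CONSOLE local
username Cisco password 0 CCIE
line con 0
 login authentication CONSOLE
line vty 0 4
 login authentication TELNET
!
"""

AAA_RE = re.compile(r"^aaa authentication login (\S+) (.+)$")
LINE_RE = re.compile(r"^line (.+)$")
LOGIN_RE = re.compile(r"^login authentication (\S+)$")


def audit_login_lists(config_text):
    """Find login method lists containing 'none' and the lines that use them.

    Returns a list of (list_name, methods, lines) tuples.
    """
    lists = {}       # method-list name -> ordered methods
    line_list = {}   # line block (e.g. "vty 0 4") -> explicit list name or None
    current = None   # line block currently being parsed
    for raw in config_text.splitlines():
        cmd = raw.strip()
        if m := LINE_RE.match(cmd):
            current = m.group(1)
            line_list.setdefault(current, None)
        elif (m := LOGIN_RE.match(cmd)) and current:
            line_list[current] = m.group(1)
        elif m := AAA_RE.match(cmd):
            lists[m.group(1)] = m.group(2).split()
        elif cmd == "!":
            current = None   # "!" closes the line block
    findings = []
    for name, methods in lists.items():
        if "none" not in methods:
            continue
        # Lines without an explicit list fall under the list named "default".
        users = {name, None} if name == "default" else {name}
        lines = [ln for ln, used in line_list.items() if used in users]
        findings.append((name, methods, lines))
    return findings
```
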
This archive was generated by hypermail 2.1.4 : Fri Dec 12 2003 - 12:29:09 GMT-3