RE: vty, con, and aux configuration

From: McLaughlin, Jeffery (JMcLaughlin@sfchronicle.com)
Date: Sun Jan 09 2005 - 19:59:41 GMT-3


Al,

You'll find that when you get in the lab, they have probably configured the
usual commands on the console port for you. When I took the lab, the proctor
explicitly told us that was the case, and told us not to change those configs.
(I doubt you'd need to do anything to the AUX port in the lab, as you won't
have access to it.)

I would be very careful not to put any passwords on the routers unless
explicitly directed to do so by the lab. They allegedly use a script to do
some of the grading, and if that script is not expecting a password it could
be interrupted.

However, if they (e.g.) tell you to use dot1x and authenticate via the local
user database, of course that's fine.

Jeff McLaughlin
CCIE #14023

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
alsontra@hotmail.com
Sent: Sunday, January 09, 2005 12:23 AM
To: 'Cisco certification'
Subject: vty, con, and aux configuration

All,

Most lab scenarios give the following instructions with regard to virtual
terminal access methods:

"Do not change the console aux, or vty access methods unless otherwise
specified"

Given the above statement and the appropriate situation, would adding the
following statements be considered a violation?

0.
Default config:
line con 0
line aux 0
line vty 0 4

1.
ena pass cisco

line vty 0 4
 exec-timeout 0 0
 logging synchronous
 no login

2.
ena pass cisco

line vty 0 4
 exec-timeout 0 0
 logging synchronous
 login
 password cisco

3.
ena pass cisco

line vty 0 4
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 no login

4.
Ena pass cisco
Username cisco password cisco

line vty 0 4
 exec-timeout 0 0
 logging synchronous
 login local

5. (dot1x with radius)
!
aaa new-model
aaa authentication login default none
aaa authentication dot1x default group radius
enable password cisco
!
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous

Last question, if you are not given any instruction with regard to the vty,
aux or con, would options 1 or 2 meet the "must be able to telnet to all
routers" requirement?

(Trying to confirm, everything I think I know. Excuse the idiocy!)

Thanks in advance,
Al



This archive was generated by hypermail 2.1.4 : Wed Feb 02 2005 - 22:10:20 GMT-3