From: Chris (clarson52@comcast.net)
Date: Fri Sep 09 2005 - 09:43:30 GMT-3
I think you are referring to the "lock and key" access-list using dynamic
acl and autocommand. This will not work for me either. Thanks again though.
I appreciate the help.
Chris
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Godswill Oletu
Sent: Friday, September 09, 2005 12:58 AM
To: chris@supertechnetworks.com; ccielab@groupstudy.com
Subject: Re: ACS and Terminal Server
But you still can simulate a very similar situation that will achieve the
same purpose, which I believe is:
>single authentication, then access to all lines will be given without
>the need to re-authenticate each time.
You can configure your dynamic access list such that tcp access to ports
2001 - 2016 will be denied until a successful authentication. Once an
individual has successfully authenticated, they can then have access to
initiate telnet to any device attached to lines 1 to 16.
HTH
Godswill Oletu
----- Original Message -----
From: "Chris" <chris@supertechnetworks.com>
To: "'Godswill Oletu'" <oletu@inbox.lv>; <ccielab@groupstudy.com>
Sent: Thursday, September 08, 2005 10:15 PM
Subject: RE: ACS and Terminal Server
> That is what I figured. I do not want to selectively do authentication. I
> want a person to authenticate once to one line and then have access to the
> others without re-authenticating for each line. I did not think it could be
> done. Thanks anyway.
>
> Chris
>
> -----Original Message-----
> From: Godswill Oletu [mailto:oletu@inbox.lv]
> Sent: Thursday, September 08, 2005 9:45 PM
> To: Chris; ccielab@groupstudy.com
> Subject: Re: ACS and Terminal Server
>
> Chris,
>
> By default you are not required to authenticate before gaining access to
> devices attached to the lines via reverse telnet:
>
> line 1 16
>  transport input all
>
> Is really all that is needed to reverse telnet to each of the 16 devices
> connected to the lines above. You can further tweak this by adding things
> like (no exec, exec-timeout, etc...)
>
> However, if you choose to, you can selectively turn ON authentication for
> any or all of the lines:
>
> line 1 2
>  transport input all
>  login
>  password cisco
> !
> line 3 16
>  transport input all
>
> You will be challenged for a password on lines 1 and 2 but not on lines 3 to
> 16.
>
> If you have to telnet from your PC straight into any of the lines and do not
> want to be challenged for a password, e.g.:
>
> C:/>Telnet 1.1.1.1 2001 <1.1.1.1 is ethernet interface ip address of the
> terminal server & 2001 is accessing line 1>
>
> You can turn OFF telnet authentication on the terminal server by:
>
> line vty 0 4
>  no login
>
> With this and the vanilla configuration of 'line 1 16' above, users can
> access any of the terminal server lines from their PC without password
> requirements.
>
> HTH
> Godswill Oletu
>
> ----- Original Message -----
> From: "Chris" <chris@supertechnetworks.com>
> To: <ccielab@groupstudy.com>
> Sent: Thursday, September 08, 2005 8:17 PM
> Subject: ACS and Terminal Server
>
>
>> If I am using a 2511 as terminal server with a device on each line, can I
>> configure it so that a user only has to authenticate on one line to access
>> the other 15?
>>
>> In other words, I want them to be able to telnet to x.x.x.x 2001
>> x.x.x.x 2002 x.x.x.x 2003
>>
>> and access each line, but not have to authenticate at each line. I do not
>> think it is possible, but I thought I should ask.
>>
>> Chris
>>
This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:14 GMT-3
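
The dynamic access list Godswill Oletu describes in the thread above (TCP ports 2001 - 2016 denied until a user authenticates once) corresponds to a lock-and-key configuration along these lines. This is an added example, not configuration posted by anyone in the thread; ACL number 101, the entry name TERMSRV, the user labuser, interface Ethernet0, the mask and the timeout values are assumptions, and 1.1.1.1 is the terminal server address used in the thread.

```cisco
! Added example. Assumed names and values: ACL 101, TERMSRV, labuser,
! Ethernet0, /24 mask, timeouts. 1.1.1.1 is the address used in the thread.
username labuser password <placeholder-password>
!
interface Ethernet0
 ip address 1.1.1.1 255.255.255.0
 ip access-group 101 in
!
! Always allow telnet to the router itself so users can authenticate.
access-list 101 permit tcp any host 1.1.1.1 eq telnet
! Allow the administrative vty on rotary port 3001 (see line vty 4 below).
access-list 101 permit tcp any host 1.1.1.1 eq 3001
! Template entry: permits nothing until access-enable instantiates it.
! "timeout 60" is the absolute lifetime, in minutes, of an opened entry.
access-list 101 dynamic TERMSRV timeout 60 permit tcp any host 1.1.1.1 range 2001 2016
! The implicit deny blocks 2001-2016 for sources that have not authenticated.
!
line 1 16
 transport input all
!
! vty 0-3: after login, open the dynamic entry for the caller's source
! address only ("host") and close the session. Idle timeout is 5 minutes.
line vty 0 3
 login local
 autocommand access-enable host timeout 5
! vty 4: no autocommand, so the router can still be administered by telnet.
line vty 4
 login local
 rotary 1
```

After a user authenticates, `show access-lists 101` lists a temporary permit entry for that source address under the dynamic entry, which is removed when the idle or absolute timeout expires.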