From: Michael Stout (michaelgstout@hotmail.com)
Date: Sat Jul 29 2006 - 15:18:09 ART
I don't have a lot of experience with aaa.
i believe you would want to set the parameters for default authentication
if you want to use a default authentication method.
aaa authentication default group tacacs local enable
Then you would set up your specilized aaa authentication methods
aaa authentication login insecure none
aaa authentication login telnet local
aaa authentication enable enable
Then you apply the aaa authentication methods
line con 0
login authentication insecure
privi le 15
line vty 0 15
login authentication telnet
privi le 0
Then you can set up your authorization
aaa authorization commands 15 telnet if-authenticated
aaa autorization commands 1 enable if-authenticated
Then you set up you command levels
privilege exec level 1 enable
This command prevents your vty users from ever entering enable mode
--------------------------------------------------------------------
From: "Patricia Loreal" <ploreal@gmail.com>
To: michaelgstout@hotmail.com
CC: secondie@gmail.com, ccielab@groupstudy.com,
security@groupstudy.com
Subject: RE: enable access for VTY and console
Date: Sat, 29 Jul 2006 14:00:05 -0400
Hi,
But why we do not need the
aaa authentication login default none
in this case?
I've test that and seems not to be needing the default athentication,
I thought that when enabling aaa
authentication it would use also the default.
Thanks Michael
Patricia
This archive was generated by hypermail 2.1.4 : Tue Aug 01 2006 - 07:13:48 ART