Re: enable access for VTY and console

From: secondie (secondie@gmail.com)
Date: Sat Jul 29 2006 - 17:09:29 ART

• Next message: firstie: "Re: enable access for VTY and console"
• Previous message: Nick Griffin: "Re: 3524 Query-Can be helpfull for CCIE-LAB"
• Maybe in reply to: secondie: "enable access for VTY and console"
• Next in thread: firstie: "Re: enable access for VTY and console"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks all for replies. I was hoping to see some variant of "aaa authen
enable default enable" type command to set the "no password needed" for
console while still needing enable password for VTY.

What I found so far is that ""aaa authen enable default enable" or "aaa
authen enable default none" command has only default mode and no group mode

for example if I had "aaa authen enable MYCONSOLE none" and "aaa authen
enable VTY enable", I could easily do something like below:

aaa authen login MYCONSOLE none
aaa authen enable VTY enable

line con 0
login authen MYCONSOLE
line vty 0 4
login authen VTY

Is it possible to configure "aaa authen enable MYCONSOLE none" command ?
I know there are new variation of aaa commands all over the IOS trains
and so far I can only find the default group with this command/

once again thanks all for responses.

-secondie

Michael Stout wrote:
>
> I don't have a lot of experience with aaa.
> i believe you would want to set the parameters for default
> authentication if you want to use a default authentication method.
> aaa authentication default group tacacs local enable
> Then you would set up your specilized aaa authentication methods
> aaa authentication login insecure none
> aaa authentication login telnet local
> aaa authentication enable enable
>
> Then you apply the aaa authentication methods
> line con 0
> login authentication insecure
> privi le 15
> line vty 0 15
> login authentication telnet
> privi le 0
>
> Then you can set up your authorization
> aaa authorization commands 15 telnet if-authenticated
> aaa autorization commands 1 enable if-authenticated
>
> Then you set up you command levels
> privilege exec level 1 enable
> This command prevents your vty users from ever entering enable mode
>
>
>
> From: /"Patricia Loreal" <ploreal@gmail.com>/
> To: /michaelgstout@hotmail.com/
> CC: /secondie@gmail.com, ccielab@groupstudy.com,
> security@groupstudy.com/
> Subject: /RE: enable access for VTY and console/
> Date: /Sat, 29 Jul 2006 14:00:05 -0400/
>
> Hi,
>
> But why we do not need the
> aaa authentication login default none
> in this case?
>
> I've test that and seems not to be needing the default
>
> athentication, I thought that when enabling aaa
> authentication it would use also the default.
>
> Thanks Michael
> Patricia

• Next message: firstie: "Re: enable access for VTY and console"
• Previous message: Nick Griffin: "Re: 3524 Query-Can be helpfull for CCIE-LAB"
• Maybe in reply to: secondie: "enable access for VTY and console"
• Next in thread: firstie: "Re: enable access for VTY and console"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Aug 01 2006 - 07:13:48 ART