Re: enable access for VTY and console

From: firstie (secondie@gmail.com)
Date: Sat Jul 29 2006 - 17:23:09 ART

• Next message: Sean C.: "Re: enable access for VTY and console"
• Previous message: secondie: "Re: enable access for VTY and console"
• Maybe in reply to: secondie: "enable access for VTY and console"
• Next in thread: Sean C.: "Re: enable access for VTY and console"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Sorry about incomplete config ...posting possible complete configuration.

aaa authen login VTY local
aaa authen enable VTY enable
aaa authen login MYCONSOLE none
aaa authen enable MYCONSOEL none

line con 0
login authen MYCONSOLE
line vty 0 4
login authen VTY

secondie wrote:
> Thanks all for replies. I was hoping to see some variant of "aaa
> authen enable default enable" type command to set the "no password
> needed" for console while still needing enable password for VTY.
>
> What I found so far is that ""aaa authen enable default enable" or
> "aaa authen enable default none" command has only default mode and no
> group mode
>
> for example if I had "aaa authen enable MYCONSOLE none" and "aaa
> authen enable VTY enable", I could easily do something like below:
>
> aaa authen login MYCONSOLE none
> aaa authen enable VTY enable
>
> line con 0
> login authen MYCONSOLE
> line vty 0 4
> login authen VTY
>
> Is it possible to configure "aaa authen enable MYCONSOLE none" command
> ? I know there are new variation of aaa commands all over the IOS
> trains and so far I can only find the default group with this command/
>
> once again thanks all for responses.
>
> -secondie
>
>
> Michael Stout wrote:
>>
>> I don't have a lot of experience with aaa.
>> i believe you would want to set the parameters for default
>> authentication if you want to use a default authentication method.
>> aaa authentication default group tacacs local enable
>> Then you would set up your specilized aaa authentication methods
>> aaa authentication login insecure none
>> aaa authentication login telnet local aaa authentication enable enable
>>
>> Then you apply the aaa authentication methods
>> line con 0
>> login authentication insecure
>> privi le 15
>> line vty 0 15
>> login authentication telnet
>> privi le 0
>>
>> Then you can set up your authorization
>> aaa authorization commands 15 telnet if-authenticated
>> aaa autorization commands 1 enable if-authenticated
>>
>> Then you set up you command levels
>> privilege exec level 1 enable
>> This command prevents your vty users from ever entering enable mode
>>
>>
>>
>> From: /"Patricia Loreal" <ploreal@gmail.com>/
>> To: /michaelgstout@hotmail.com/
>> CC: /secondie@gmail.com, ccielab@groupstudy.com,
>> security@groupstudy.com/
>> Subject: /RE: enable access for VTY and console/
>> Date: /Sat, 29 Jul 2006 14:00:05 -0400/
>>
>> Hi,
>>
>> But why we do not need the
>> aaa authentication login default none
>> in this case?
>>
>> I've test that and seems not to be needing the default
>>
>> athentication, I thought that when enabling aaa
>> authentication it would use also the default.
>>
>> Thanks Michael
>> Patricia
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Sean C.: "Re: enable access for VTY and console"
• Previous message: secondie: "Re: enable access for VTY and console"
• Maybe in reply to: secondie: "enable access for VTY and console"
• Next in thread: Sean C.: "Re: enable access for VTY and console"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Aug 01 2006 - 07:13:48 ART