From: Gregory W. Posey Jr. (gposey@uaes.org)
Date: Mon Jul 31 2006 - 10:17:26 ART
Why not...

username cisco password cisco
line vty 0 4
 login local
 privilege level 15

Thank you,
Greg Posey Jr.
CCIE #7981
CCSP, CCSI
M.S. EE
secondie writes:
> I think it is for "no enable password".
>
> Here is the brief description:
>
> "aaa authentication login VTY local" --- sets up VTY as local auth group
>
> "aaa authorization exec VTY local" --- sets up authorization as local
>
> line vty 0 4
> password a -- "this line has no relevance to the authen or author as both
> are based on AAA, so ignored by VTY login", could be used as second choice
> but not configured in this case
>
> login authentication VTY --- "enable login based on VTY profile of AAA
> which is local"
>
>
> authorization exec VTY "enables the authorization based on the VTY author
> group, which is local"
>
> So when VTY login is prompted, AAA looks for local username/password
> for authentication, which is cisco/cisco. Then for authorization it looks
> under "authorization exec VTY group local" and as local command "username
> cisco privi 15 pass cisco" specifies level of 15, it authorizes user cisco
> for priv 15, therefore directly dropping user into enable mode.
>
> HTH
> -secondie
>
>
> Paul Dardinski wrote:
>> Can someone elaborate? I thought the question was "is it possible to
>> enable vty access with "NO" password authent?". Will lab this up, does
>> this allow enable access vty with no further authent other than local
>> login?
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>> Rick Fox
>> Sent: Sunday, July 30, 2006 10:07 PM
>> To: secondie@gmail.com
>> Cc: Cisco certification
>> Subject: RE: Enable access for VTY
>>
>> That's it.
>>
>> Line vty 0 4
>> authorization exec VTY
>>
>> Thanks,
>> Rick
>>
>> -----Original Message-----
>> From: secondie [mailto:secondie@gmail.com]
>> Sent: Sunday, July 30, 2006 9:59 PM
>> To: Rick Fox
>> Cc: Cisco certification
>> Subject: Re: Enable access for VTY
>>
>> Only way I can think of is as below:
>>
>> aaa new-model
>> aaa authentication login CONSOLE enable
>> aaa authentication login VTY local
>> aaa authorization exec VTY local
>> enable password enable
>> !
>> username cisco privilege 15 password 0 cisco
>>
>>
>> line con 0
>> login authen CONSOLE
>>
>> line vty 0 4
>> password a
>> authorization exec VTY
>> login authentication VTY
>>
>> *****************
>> CONSOLE LOGIN:
>> *****************
>> R20 con0 is now available
>>
>> Press RETURN to get started.
>>
>>
>> R20>en
>> Password: enable (typed in for clarity)
>> R20#
>>
>>
>> *************
>> VTY LOGIN:
>> *************
>> User Access Verification
>>
>> Username: cisco
>> Password: cisco (typed in for clarity)
>>
>> R20#
>> R20#
>>
>>
>> HTH
>> -secondie
>>
>>
>> Rick Fox wrote:
>>
>>> So, is there a way to configure access so that when telnetting to a
>>> router, local authentication is used, and you are immediately in enable
>>> mode?
>>>
>>> The config provided from previous thread still requires additional login
>>> to enable mode.
>>>
>>>
>>>
>>>>> aaa new-model
>>>>> aaa authentication login CONSOLE enable
>>>>> aaa authentication login VTY local
>>>>> !
>>>>> line console 0
>>>>> login authentication CONSOLE
>>>>> !
>>>>> line vty 0 4
>>>>> login authentication VTY
>>>>> !
>>>>>
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Aug 01 2006 - 07:13:49 ART
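
An added example, not part of the original thread: a Python audit that reads an IOS-style configuration like the ones posted above and reports which VTY logins land directly at privilege 15, either through `privilege level 15` on the line or through exec authorization against a local user defined with `privilege 15`, and which local users carry a cleartext password. The parsing is simplified, and the function name, regex names and sample text are assumptions made for illustration.

```python
import re

# Constructed sample: the VTY-related part of the AAA configuration quoted in the thread.
SAMPLE = """\
aaa new-model
aaa authentication login CONSOLE enable
aaa authentication login VTY local
aaa authorization exec VTY local
enable password enable
!
username cisco privilege 15 password 0 cisco
line vty 0 4
 password a
 authorization exec VTY
 login authentication VTY
"""

USER_RE = re.compile(r"username (\S+)(?: privilege (\d+))? (password|secret)(?: (\d))? \S+")
AAA_EXEC_RE = re.compile(r"aaa authorization exec (\S+) .*\blocal\b")

def audit(config):
    """Return findings about VTY privilege and local credentials (simplified parse)."""
    lines = [raw.strip() for raw in config.splitlines()]
    findings, priv15_users, local_lists = [], [], set()
    # Pass 1: global commands (local users and exec authorization lists using "local").
    for line in lines:
        if m := USER_RE.match(line):
            name, priv, kind, ptype = m.groups()
            if priv == "15":
                priv15_users.append(name)
            if kind == "password" and ptype in (None, "0"):
                findings.append(f"user {name}: cleartext password in config")
        elif m := AAA_EXEC_RE.match(line):
            local_lists.add(m.group(1))
    # Pass 2: line sections; indentation is optional because e-mailed configs often lose it.
    section = None
    for line in lines:
        if line.startswith("line "):
            section = line
        elif line in ("!", "end"):
            section = None
        elif section and section.startswith("line vty"):
            if line == "privilege level 15":
                findings.append(f"{section}: every session starts at privilege 15")
            m = re.match(r"authorization exec (\S+)", line)
            if m and m.group(1) in local_lists:
                for name in priv15_users:
                    findings.append(f"{section}: user {name} gets privilege 15 at login via exec list {m.group(1)}")
    return findings
```

Calling `audit(SAMPLE)` returns one finding for the cleartext `cisco` password and one for the `line vty 0 4` exec authorization; the same function also accepts the shorter `login local` / `privilege level 15` variant.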