Re: Enable access for VTY

From: Sami (sy1977@gmail.com)
Date: Tue Aug 01 2006 - 17:55:06 ART


secondie,

According to your config, console login should ask for password two times,
first login password and then enable password, right?

On 7/31/06, secondie <secondie@gmail.com> wrote:
>
> This thread is kind of continuation of another thread posted by me
> earlier. One of the requirements was to use AAA.
>
> Hope this clarifies.
>
>
>
> Gregory W. Posey Jr. wrote:
> > Why not...
> > username cisco password cisco
> > line vty 0 4
> > login local
> > privilege level 15
> > Thank you,
> > Greg Posey Jr.
> > CCIE #7981
> > CCSP, CCSI
> > M.S. EE
> >
> > secondie writes:
> >> I think it is for "no enable password".
> >> Here is the brief description:
> >> "aaa authentication login VTY local" --- sets up VTY as local auth
> >> group
> >> "aaa authorization exec VTY local" --- sets up authorization as
> >> local
> >> line vty 0 4
> >> password a -- "this line has no relevance to the authen or author as
> >> both are based on AAA, so ignored by VTY login", could be used as
> >> second choice but not configured in this case
> >> login authentication VTY --- "enable login based on VTY profile of
> >> AAA which is local"
> >>
> >> authorization exec VTY "enables the authorization based on the VTY
> >> author group, which is local"
> >> So when VTY login is prompted, AAA looks for local
> >> username/password for authentication, which is cisco/cisco. Then for
> >> authorization it looks under "authorization exec VTY group local" and
> >> as local command "username cisco privi 15 pass cisco" specifies level
> >> of 15, it authorizes user cisco for priv 15, therefore directly
> >> dropping user into enable mode.
> >> HTH
> >> -secondie
> >>
> >> Paul Dardinski wrote:
> >>> Can someone elaborate? I thought the question was "is it possible to
> >>> enable vty access with "NO" password authent?". Will lab this up, does
> >>> this allow enable access vty with no further authent other than local
> >>> login?
> >>> -----Original Message-----
> >>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> >>> Rick Fox
> >>> Sent: Sunday, July 30, 2006 10:07 PM
> >>> To: secondie@gmail.com
> >>> Cc: Cisco certification
> >>> Subject: RE: Enable access for VTY
> >>> That's it.
> >>> Line vty 0 4
> >>> authorization exec VTY
> >>> Thanks,
> >>> Rick
> >>> -----Original Message-----
> >>> From: secondie [mailto:secondie@gmail.com]
> >>> Sent: Sunday, July 30, 2006 9:59 PM
> >>> To: Rick Fox
> >>> Cc: Cisco certification
> >>> Subject: Re: Enable access for VTY
> >>> Only way I can think of is as below:
> >>> aaa new-model
> >>> aaa authentication login CONSOLE enable
> >>> aaa authentication login VTY local
> >>> aaa authorization exec VTY local
> >>> enable password enable
> >>> !
> >>> username cisco privilege 15 password 0 cisco
> >>>
> >>> line con 0
> >>> login authen CONSOLE
> >>> line vty 0 4
> >>> password a
> >>> authorization exec VTY
> >>> login authentication VTY
> >>> *****************
> >>> CONSOLE LOGIN:
> >>> *****************
> >>> R20 con0 is now available
> >>> Press RETURN to get started.
> >>>
> >>> R20>en
> >>> Password: enable (typed in for clarity)
> >>> R20#
> >>>
> >>> *************
> >>> VTY LOGIN:
> >>> *************
> >>> User Access Verification
> >>> Username: cisco
> >>> Password: cisco (typed in for clarity)
> >>> R20#
> >>> R20#
> >>>
> >>> HTH
> >>> -secondie
> >>>
> >>> Rick Fox wrote:
> >>>> So, is there a way to configure access so that when telnetting to a
> >>>> router, local authentication is used, and you are immediately in
> >>>> enable mode?
> >>>> The config provided from previous thread still requires additional
> >>>> login to enable mode.
> >>>>
> >>>>
> >>>>>> aaa new-model
> >>>>>> aaa authentication login CONSOLE enable
> >>>>>> aaa authentication login VTY local
> >>>>>> !
> >>>>>> line console 0
> >>>>>> login authentication CONSOLE
> >>>>>> !
> >>>>>> line vty 0 4
> >>>>>> login authentication VTY
> >>>>>> !
> >>>>
> >>>
> >>>> _______________________________________________________________________
> >>>> Subscription information may be found at:
> >>>> http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:55 ART
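
An added example, not part of the original thread and not posted by any participant: an audit helper that reads an IOS-style configuration and reports which lines place a login directly at privilege level 15, by either mechanism discussed above (`privilege level 15` on the line, or a named exec authorization list using `local` together with a privilege 15 username). The function name `direct_enable_paths` and the sample text are constructed for illustration, and only named exec authorization lists are considered.

```python
import re

# Constructed sample input: the configuration posted in the thread, as a saved config.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login CONSOLE enable
aaa authentication login VTY local
aaa authorization exec VTY local
enable password enable
username cisco privilege 15 password 0 cisco
line con 0
 login authentication CONSOLE
line vty 0 4
 password a
 authorization exec VTY
 login authentication VTY
"""

def direct_enable_paths(config):
    """Map each line (e.g. 'vty 0 4') to the reasons a login lands at level 15."""
    exec_lists, users, lines, current = {}, {}, {}, None
    for text in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"aaa authorization exec (\S+) (.+)", text):
            exec_lists[m[1]] = m[2].split()            # list name -> methods
        elif m := re.match(r"username (\S+)(.*)", text):
            priv = re.search(r"privilege (\d+)", m[2])
            users[m[1]] = int(priv[1]) if priv else 1  # IOS default level is 1
        elif m := re.match(r"line (.+)", text):
            current = lines.setdefault(m[1], {})       # start of a line block
        elif current is not None:
            if m := re.match(r"authorization exec (\S+)", text):
                current["exec"] = m[1]
            elif m := re.match(r"privilege level (\d+)", text):
                current["level"] = int(m[1])
    admins = sorted(u for u, p in users.items() if p == 15)
    report = {}
    for name, cfg in lines.items():
        reasons = []
        if cfg.get("level") == 15:
            reasons.append("privilege level 15 on the line: every login")
        if "local" in exec_lists.get(cfg.get("exec"), []) and admins:
            reasons.append("exec authorization via local: " + ", ".join(admins))
        if reasons:
            report[name] = reasons
    return report

if __name__ == "__main__":
    for line, reasons in direct_enable_paths(SAMPLE_CONFIG).items():
        print(line, "->", "; ".join(reasons))
```

Run against a saved configuration, an empty result means no line was found that skips the enable prompt by either of these two mechanisms.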