Re: Please help with Terminal Server

From: nhatphuc (nhatphuc@gmail.com)
Date: Sun May 27 2007 - 14:56:38 ART


Hi Ronnie,

This will disable authentication when I reverse telnet.

But if I telnet directly to a tty line like this: telnet terminal_server
2001, the terminal server will let me in without asking for the
username/password.

Is there any way to prevent this?

Thanks

Phuc

On 5/27/07, Ronnie Higginbotham <ronniepaul@hotmail.com> wrote:
> Phuc,
>
> Try this
>
> aaa authentication login NONE none
>
> line 1 16 <<<<Port numbers could vary
> login authentication NONE
>
> Ronnie
> CCIE 13834
>
> ----- Original Message -----
> From: "nhatphuc" <nhatphuc@gmail.com>
> To: "Darby Weaver" <darbyweaver@yahoo.com>; "Cisco certification"
> <ccielab@groupstudy.com>
> Sent: Saturday, May 26, 2007 1:51 PM
> Subject: Re: Please help with Terminal Server
>
>
> > Hi Darby,
> >
> > I can configure this with ACS Server using tacacs+ autocommand AV
> > pair. But I want to disable some messages and extra authentication
> > when reverse telnetting to router. I've asked this in separate mails.
> >
> > If you know how to do this, please help me.
> >
> > Thanks
> >
> > Phuc
> >
> > On 5/26/07, nhatphuc <nhatphuc@gmail.com> wrote:
> >> Hi Darby,
> >>
> >> I've just seen it here:
> >>
> >> http://www.internetworkexpert.com/resources/termserv.htm
> >>
> >> Phuc
> >>
> >>
> >> On 5/26/07, Darby Weaver <darbyweaver@yahoo.com> wrote:
> >> > Did you see this on a lab recently?
> >> >
> >> > Out of my experience - I have not enabled aaa for term
> >> > servers at home to try it out.
> >> >
> >> > What do you get?
> >> >
> >> > If the option exists then that would likely be the
> >> > one.
> >> >
> >> > Darby
> >> > --- nhatphuc <nhatphuc@gmail.com> wrote:
> >> >
> >> > > Hi Darby,
> >> > >
> >> > > It works if I configure:
> >> > >
> >> > > line vty 0 4
> >> > > login local
> >> > >
> >> > > But it doesn't if:
> >> > >
> >> > > aaa new-model
> >> > > aaa authentication login TELNET local
> >> > > line vty 0 4
> >> > > login authentication TELNET
> >> > >
> >> > > Do I have to enable aaa authorization reverse-access
> >> > > TELNET?
> >> > >
> >> > > Thanks
> >> > >
> >> > > Phuc
> >> > >
> >> > >
> >> > >
> >> > > On 5/26/07, Darby Weaver <darbyweaver@yahoo.com> wrote:
> >> > > > Let me take a stab at this one:
> >> > > >
> >> > > > username R1 password cisco
> >> > > > username R1 autocommand R1 or Telnet R1
> >> > > >
> >> > > > username All password cisco
> >> > > > username All autocommand x.x.x.x or Telnet x.x.x.x
> >> > > >
> >> > > > username R2 password cisco
> >> > > > username R2 autocommand R2 or Telnet R2
> >> > > >
> >> > > >
> >> > > > line vty 0 4
> >> > > > login local
> >> > > >
> >> > > > Try this and let me know if it doesn't work.
> >> > > >
> >> > > > Now you switch R1 for the loopback:2001
> >> > > > And R2 for loopback:2002
> >> > > >
> >> > > > Exchange loopback for whatever IP Address you used for
> >> > > > the reverse telnet IP Address.
> >> > > >
> >> > > > And you could wrap an acl around it and/or perhaps use
> >> > > > SSH depending on if your TS supports SSH.
> >> > > >
> >> > > > Check me on this - since I am shooting from the hip.
> >> > > > There may be one more step, but I think this will do what
> >> > > > you require.
> >> > > >
> >> > > > Let us know if I missed anything please.
> >> > > >
> >> > > > Darby
> >> > > >
> >> > > >
> >> > > >
> >> > > >
> >> > > > --- nhatphuc <nhatphuc@gmail.com> wrote:
> >> > > >
> >> > > > > Hi Group,
> >> > > > >
> >> > > > > I'm setting up my Terminal Server. How do I
> >> > > > > configure for this requirement?
> >> > > > >
> >> > > > > If I login using username all it will connect to
> >> > > > > terminal server
> >> > > > > If I login using username r1 it will connect
> >> > > > > directly to r1
> >> > > > > If I login using username r2 it will connect
> >> > > > > directly to r2
> >> > > > > .....
> >> > > > >
> >> > > > > I'm trying to use username.... autocommand, but it
> >> > > > > doesn't work.
> >> > > > >
> >> > > > > Thanks
> >> > > > >
> >> > > > > Phuc
> >> > > > >
> >> > > > >
> >> > > >
> >> > >
> >> > _______________________________________________________________________
> >> > > > > Subscription information may be found at:
> >> > > > > http://www.groupstudy.com/list/CCIELab.html
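
The exposure raised at the top of this message (tty lines bound to a `none` method list answering on port 2001 with no prompt) can be checked for in a saved configuration. The Python below is an added example, not part of the original thread: the sample configuration is constructed from the commands quoted above, and the function name, the finding fields and the fallback to the AAA `default` list are assumptions of the example.

```python
import re

# Constructed sample: the commands quoted in this thread, laid out as a saved config.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login NONE none
aaa authentication login TELNET local
line 1 16
 login authentication NONE
line vty 0 4
 login authentication TELNET
"""

LINE_RE = re.compile(r"line (?:(vty|aux|con|console|tty) )?(\d+)(?: (\d+))?$")

def audit_lines(config):
    """Return one finding per line range that accepts logins with no authentication."""
    methods, blocks, current = {}, [], None
    for raw in config.splitlines():
        text = raw.strip()
        aaa = re.match(r"aaa authentication login (\S+) (.+)", text)
        line = LINE_RE.match(text) if not raw.startswith(" ") else None
        if aaa:
            methods[aaa.group(1)] = aaa.group(2).split()
            current = None
        elif line:
            current = {"kind": line.group(1) or "tty", "first": int(line.group(2)),
                       "last": int(line.group(3) or line.group(2)),
                       "login": None, "acl": False}
            blocks.append(current)
        elif current is not None and raw.startswith(" "):
            if text.startswith("login authentication "):
                current["login"] = text.split()[2]
            elif text == "no login":
                current["login"] = "<no login>"
            elif text.startswith("access-class ") and text.endswith(" in"):
                current["acl"] = True
        else:
            current = None
    findings = []
    for b in blocks:
        name = b["login"] or "default"  # assumption: no per-line list means the AAA default list
        if name == "<no login>" or methods.get(name) == ["none"]:
            # Reverse telnet to an async line listens on TCP 2000 + line number.
            ports = (2000 + b["first"], 2000 + b["last"]) if b["kind"] == "tty" else None
            findings.append({"line": (b["kind"], b["first"], b["last"]), "list": name,
                             "reverse_telnet_ports": ports, "inbound_acl": b["acl"]})
    return findings
```

A finding with `inbound_acl` set to false is the situation described in this message; the ACL idea from earlier in the thread shows up in a configuration as an `access-class ... in` entry under the line range.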



This archive was generated by hypermail 2.1.4 : Fri Jun 01 2007 - 06:55:22 ART