Re: Please help with Terminal Server

From: Ronnie Higginbotham (ronniepaul@hotmail.com)
Date: Sun May 27 2007 - 15:53:31 ART


Just so I understand, you have already telnetted into your access/terminal
server and then typed telnet r1, which takes you to router 1, which now has no
re-authentication applied to the line port.

Then, as a second test, you re-telnetted into your access/terminal server and
typed your username and password. Once authenticated, you typed telnet
terminal_server 2001? Which does the same thing as above; 2001 will equal r1.
So in summary, the answer to your question will be no, there is no way to
prevent this.

Ronnie

----- Original Message -----
From: "nhatphuc" <nhatphuc@gmail.com>
To: "Ronnie Higginbotham" <rhigginb@swbell.net>; "Cisco certification"
<ccielab@groupstudy.com>
Sent: Sunday, May 27, 2007 12:56 PM
Subject: Re: Please help with Terminal Server

> Hi Ronnie,
>
> This will disable authentication when I reverse telnet.
>
> But if I telnet directly to tty line like this: telnet terminal_server
> 2001, the terminal server will let me in without asking for the
> username/password.
>
> Is there any way to prevent this?
>
> Thanks
>
> Phuc
>
> On 5/27/07, Ronnie Higginbotham <ronniepaul@hotmail.com> wrote:
>> Phuc,
>>
>> Try this
>>
>> aaa authentication login NONE none
>>
>> line 1 16 <<<<Port numbers could vary
>> login authentication NONE
>>
>> Ronnie
>> CCIE 13834
>>
>> ----- Original Message -----
>> From: "nhatphuc" <nhatphuc@gmail.com>
>> To: "Darby Weaver" <darbyweaver@yahoo.com>; "Cisco certification"
>> <ccielab@groupstudy.com>
>> Sent: Saturday, May 26, 2007 1:51 PM
>> Subject: Re: Please help with Terminal Server
>>
>>
>> > Hi Darby,
>> >
>> > I can configure this with ACS Server using tacacs+ autocommand AV
>> > pair. But I want to disable some messages and extra authentication
>> > when reverse telnetting to router. I've asked this in separate mails.
>> >
>> > If you know how to do this, please help me.
>> >
>> > Thanks
>> >
>> > Phuc
>> >
>> > On 5/26/07, nhatphuc <nhatphuc@gmail.com> wrote:
>> >> Hi Darby,
>> >>
>> >> I've just seen it here:
>> >>
>> >> http://www.internetworkexpert.com/resources/termserv.htm
>> >>
>> >> Phuc
>> >>
>> >>
>> >> On 5/26/07, Darby Weaver <darbyweaver@yahoo.com> wrote:
>> >> > Did you see this on a lab recently?
>> >> >
>> >> > Out of my experience - I have not enabled aaa for term
>> >> > servers at home to try it out.
>> >> >
>> >> > What do you get?
>> >> >
>> >> > If the option exists then that would likely be the
>> >> > one.
>> >> >
>> >> > Darby
>> >> > --- nhatphuc <nhatphuc@gmail.com> wrote:
>> >> >
>> >> > > Hi Darby,
>> >> > >
>> >> > > It works if I configure:
>> >> > >
>> >> > > line vty 0 4
>> >> > > login local
>> >> > >
>> >> > > But it doesn't if:
>> >> > >
>> >> > > aaa new-model
>> >> > > aaa authentication login TELNET local
>> >> > > line vty 0 4
>> >> > > login authentication TELNET
>> >> > >
>> >> > > Do I have to enable aaa authorization reverse-access TELNET?
>> >> > >
>> >> > > Thanks
>> >> > >
>> >> > > Phuc
>> >> > >
>> >> > >
>> >> > >
>> >> > > On 5/26/07, Darby Weaver <darbyweaver@yahoo.com> wrote:
>> >> > > > Let me take a stab at this one:
>> >> > > >
>> >> > > > username R1 password cisco
>> >> > > > username R1 autocommand R1 or Telnet R1
>> >> > > >
>> >> > > > username All password cisco
>> >> > > > username All autocommand x.x.x.x or Telnet x.x.x.x
>> >> > > >
>> >> > > > username R2 password cisco
>> >> > > > username R2 autocommand R2 or Telnet R2
>> >> > > >
>> >> > > >
>> >> > > > line vty 0 4
>> >> > > > login local
>> >> > > >
>> >> > > > Try this and let me know if it doesn't work.
>> >> > > >
>> >> > > > Now you switch R1 for the loopback:2001
>> >> > > > And R2 for loopback:2002
>> >> > > >
>> >> > > > Exchange loopback for whatever IP Address you used for
>> >> > > > the reverse telnet IP Address.
>> >> > > >
>> >> > > >
>> >> > > >
>> >> > > >
>> >> > > > And you could wrap an acl around it and/or perhaps use
>> >> > > > SSH depending on if your TS supports SSH.
>> >> > > >
>> >> > > > Check me on this - since I am shooting from the hip.
>> >> > > > There may be one more step, but I think this will do what
>> >> > > > you require.
>> >> > > >
>> >> > > > Let us know if I missed anything please.
>> >> > > >
>> >> > > > Darby
>> >> > > >
>> >> > > >
>> >> > > >
>> >> > > >
>> >> > > > --- nhatphuc <nhatphuc@gmail.com> wrote:
>> >> > > >
>> >> > > > > Hi Group,
>> >> > > > >
>> >> > > > > I'm setting up my Terminal Server. How do I
>> >> > > > > configure for this requirement?
>> >> > > > >
>> >> > > > > If I login using username all it will connect to
>> >> > > > > terminal server
>> >> > > > > If I login using username r1 it will connect
>> >> > > > > directly to r1
>> >> > > > > If I login using username r2 it will connect
>> >> > > > > directly to r2
>> >> > > > > .....
>> >> > > > >
>> >> > > > > I'm trying to use username.... autocommand, but it
>> >> > > > > doesn't work.
>> >> > > > >
>> >> > > > > Thanks
>> >> > > > >
>> >> > > > > Phuc
>> >> > > > >
>> >> > > > >
>> >> > > >
>> >> > >
>> >> > _______________________________________________________________________
>> >> > > > > Subscription information may be found at:
>> >> > > > > http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Fri Jun 01 2007 - 06:55:22 ART
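
An added example (not written by any poster in this thread): a small Python audit that finds the condition discussed above in a saved IOS configuration, that is, line stanzas whose `login authentication` list resolves to the single method `none`, and reports whether an inbound `access-class` is applied to them (the ACL wrapping Darby mentions). The sample configuration is constructed from the commands quoted in the thread; the `transport input telnet` line and all function names are assumptions of this example.

```python
import re

# Constructed sample config, modelled on the commands quoted in the thread.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login TELNET local
aaa authentication login NONE none
!
line 1 16
 login authentication NONE
 transport input telnet
line vty 0 4
 login authentication TELNET
"""

def none_method_lists(config):
    """Names of login method lists whose only method is 'none'."""
    pat = r"^aaa authentication login (\S+) (.+)$"
    return {m.group(1) for m in re.finditer(pat, config, re.M)
            if m.group(2).split() == ["none"]}

def line_blocks(config):
    """Return {line header: [sub-commands]} for every 'line ...' stanza."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = blocks.setdefault(raw.strip(), [])
        elif current is not None and raw.startswith(" "):
            current.append(raw.strip())
        else:
            current = None  # any other top-level line closes the stanza
    return blocks

def audit(config):
    """List (stanza, method list, has inbound ACL) for unauthenticated lines."""
    open_lists = none_method_lists(config)
    findings = []
    for header, body in line_blocks(config).items():
        used = [c.split()[-1] for c in body
                if c.startswith("login authentication ")]
        if used and used[-1] in open_lists:
            has_acl = any(re.match(r"access-class \S+ in\b", c) for c in body)
            findings.append((header, used[-1], has_acl))
    return findings

if __name__ == "__main__":
    for header, name, acl in audit(SAMPLE_CONFIG):
        print(f"{header}: login list {name} is 'none'; inbound ACL: {acl}")
```
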