From: Deepinder Babbar (dsbabbar@gmail.com)
Date: Tue Jan 08 2008 - 10:27:22 ARST
So giving "aaa authentication login default none" will do both the jobs,
avoiding locking yourself out and reverting login method of con and vty to
the preconfigured method.
On Jan 8, 2008 4:38 AM, Darby Weaver <darbyweaver@yahoo.com> wrote:
> Why not just:
>
> aaa authen login default none
>
> If one changes the credentials, won't the proctors get
> a bit upset.
>
> Unless you ask first...
>
> But they might already have credentials their scripts
> might need to use...
>
> In the case here, is your password the same as theirs
> if if it is now "none"?
>
> Hmmm...
>
> Things that make me go hmmm....
>
>
> Well, my mind is settled on this matter, is yours?
>
>
> --- Christian Zeng <christian@zengl.net> wrote:
>
> > Hi,
> >
> > * Joseph Saad wrote:
> > > !!!! guest-vlan will be used if the client doesn't
> > support dot1x (i.e. EAP
> > > packets aren't detected)
> > > fail-auth VLAN will be used when client fails
> > authentication.
> >
> > Thanks for the hint, I didn't know this feature
> > exists (did my studies
> > with 12.2(25)SEC).
> >
> > >> aaa authen login CON none
> > >> aaa authen login VTY line
> > >>
> > >> line con0
> > >> login authen CON
> > >>
> > >> line vty 0 15
> > >> login authen VTY
> > >>
> > >> This reduces the risk when accidentally changing
> > the default method
> > >> later and break requirements or lock yourself
> > out.
> > >>
> > >
> > > !!! this obviously require the definition of
> > "username U password p"
> > > statement ... but I could be stating the obvious.
> >
> > Username entry in the local db is not needed, the
> > VTY method uses the
> > line password (assuming it was there in the initial
> > config).
> >
> >
> > Christian
> >
> >
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:58 ARST