Re: dot1x

From: Deepinder Babbar (dsbabbar@gmail.com)
Date: Tue Jan 08 2008 - 10:53:48 ARST

• Next message: Ramy Sisy: "RE: cciecert book ?!!"
• Previous message: Deepak Ahuja: "CCIE-SP (350-029) Written"
• Maybe in reply to: Deepinder Babbar: "dot1x"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks to everyone for clearing my doubt.. :-)

Best Regards

Deepinder Singh Babbar

On Jan 8, 2008 3:32 PM, Joseph Saad <joseph.samir.saad@gmail.com> wrote:

> This is sufficient to prevent locking you out from the console and VTY.
>
> It depends however on the "preconfigured" method whether you need to do
> further configuration or not.
>
>
> On Jan 8, 2008 4:27 PM, Deepinder Babbar <dsbabbar@gmail.com> wrote:
>
> >
> > So giving "aaa authentication login default none" will do both the jobs,
> > avoiding locking yourself out and reverting login method of con and vty to
> > the preconfigured method.
> >
> >
> >
> >
> >
> > On Jan 8, 2008 4:38 AM, Darby Weaver <darbyweaver@yahoo.com> wrote:
> >
> > > Why not just:
> > >
> > > aaa authen login default none
> > >
> > > If one changes the credentials, won't the proctors get
> > > a bit upset.
> > >
> > > Unless you ask first...
> > >
> > > But they might already have credentials their scripts
> > > might need to use...
> > >
> > > In the case here, is your password the same as theirs
> > > if if it is now "none"?
> > >
> > > Hmmm...
> > >
> > > Things that make me go hmmm....
> > >
> > >
> > > Well, my mind is settled on this matter, is yours?
> > >
> > >
> > > --- Christian Zeng <christian@zengl.net> wrote:
> > >
> > > > Hi,
> > > >
> > > > * Joseph Saad wrote:
> > > > > !!!! guest-vlan will be used if the client doesn't
> > > > support dot1x (i.e. EAP
> > > > > packets aren't detected)
> > > > > fail-auth VLAN will be used when client fails
> > > > authentication.
> > > >
> > > > Thanks for the hint, I didn't know this feature
> > > > exists (did my studies
> > > > with 12.2(25)SEC).
> > > >
> > > > >> aaa authen login CON none
> > > > >> aaa authen login VTY line
> > > > >>
> > > > >> line con0
> > > > >> login authen CON
> > > > >>
> > > > >> line vty 0 15
> > > > >> login authen VTY
> > > > >>
> > > > >> This reduces the risk when accidentally changing
> > > > the default method
> > > > >> later and break requirements or lock yourself
> > > > out.
> > > > >>
> > > > >
> > > > > !!! this obviously require the definition of
> > > > "username U password p"
> > > > > statement ... but I could be stating the obvious.
> > > >
> > > > Username entry in the local db is not needed, the
> > > > VTY method uses the
> > > > line password (assuming it was there in the initial
> > > > config).
> > > >
> > > >
> > > > Christian
> > > >
> > > >
> > > _______________________________________________________________________
> > >
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html

• Next message: Ramy Sisy: "RE: cciecert book ?!!"
• Previous message: Deepak Ahuja: "CCIE-SP (350-029) Written"
• Maybe in reply to: Deepinder Babbar: "dot1x"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:58 ARST