From: Farrukh Haroon (farrukhharoon@gmail.com)
Date: Tue Mar 17 2009 - 11:19:26 ART
Actually the 'default' method list is applied to even the console.....lab it
up or I'm getting too old now. :)
Its true that if you enable aaa new-model and there is no default method
list in the configuration, then the console will be unaffected. So all
vendors are not wrong here, they do the 'none' but to safeguard the console
in case a default method list is required (like in the case of dot1x).
Regards
Farrukh
On Mon, Mar 16, 2009 at 8:43 PM, nowy1981 <freemaxis@gmail.com> wrote:
> Sadiq,
>
> I think that you are wrong.
> aaa new-model enables local authentication by on vty and aux lines, except
> for console. Below you have quick test.
> BTW - I always wonder why all workbooks' writers suggest to configure aaa
> authentication login default none with dot1x configuration to not lock out
> from console. Do you agree that it is useless if we are using console access
> on the exam?
>
>
> Test:
>
> R6(config)#aaa new-model
> R6(config)#
> *Mar 1 00:00:48.251: %SYS-5-CONFIG_I: Configured from console by console
> R6#exit
>
>
>
>
> R6 con0 is now available
>
>
>
>
>
> Press RETURN to get started.
>
>
> R6>en
> R6#
>
> Cheers
>
> Sadiq Yakasai pisze:
>
> Make the default login authentication method to none by configuring:
>>
>> aaa authentication login default none
>>
>> That makes the login authentication on the console and vty lines to none.
>>
>> HTH,
>> Sadiq
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:05 ART