RE: aaa authentication and vty lines

From: Ryan West <rwest_at_zyedge.com>
Date: Sun, 3 May 2009 17:25:40 -0400

Sean,

There is nothing wrong with your configuration that I can see based on what you posted. I was pretty sure it looked correct, but I have verified in my lab as well. Not sure offhand what else it might be.

Could you post your 's run | s line vty' and 's run | i aaa'?

-ryan

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of ssflack_at_googlemail.com
Sent: Sunday, May 03, 2009 1:38 PM
To: ccielab_at_groupstudy.com
Subject: aaa authentication and vty lines

Hi All,

Could someone please help!? I am trying to configure dot1x for switchport
interfaces but I want the telnet lines to only ask for a password, therefore
not breaking the rules of mock labs etc.
by changing the authentication methods of the telnet lines.

So I have done the following configuration

#aaa new-model
#aaa authentication login VTY line
#line vty 0 15
#login authentication VTY
#password cisco

I'm sure this is correct, but when I telnet from another device to the
switch (or to itself for that matter), I get the following, no password
prompt and nothing else (with debug aaa authentication enabled):

Rack1SW2(config-line)#do telnet 150.1.8.8
Trying 150.1.8.8 ... Open

*Mar 12 04:23:51.567: AAA/BIND(00000009): Bind i/f
*Mar 12 04:23:51.567: AAA/AUTHEN/LOGIN (00000009): Pick method list 'VTY'

From here I have to manually ctrl-shift-6 x out to do anything else. I do
not have any access-lists configured that could affect the config and if I
set the aaa authentication login method to "none", it does not ask for a
password and continues as expected to the switch prompt.

Thanks in advance,

Regards,

Sean

Received on Sun May 03 2009 - 17:25:40 ART