Hi Ryan,
Thanks for your help. Having looked a bit further I think this could
actually be a bug with the IOS version I'm using, 12.2(44)SE. What version
are you using just to verify?
Regards,
Sean
-----Original Message-----
From: Ryan West [mailto:rwest_at_zyedge.com]
Sent: 03 May 2009 22:26
To: ssflack_at_googlemail.com; ccielab_at_groupstudy.com
Subject: RE: aaa authentication and vty lines
Sean,
There is nothing wrong with your configuration that I can see based on what
you posted. I was pretty sure it looked correct, but I have verified in my
lab as well. Not sure offhand what else it might be.
Could you post your 's run | s line vty' and 's run | i aaa' ?
-ryan
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
ssflack_at_googlemail.com
Sent: Sunday, May 03, 2009 1:38 PM
To: ccielab_at_groupstudy.com
Subject: aaa authentication and vty lines
Hi All,
Could someone please help!? I am trying to configure dot1x for switchport
interfaces but I want the telnet lines to only ask for a password, therefore
not breaking the rules of mock labs etc. by changing the authentication
methods of the telnet lines.
So I have done the following configuration:
#aaa new-model
#aaa authentication login VTY line
#line vty 0 15
#login authentication VTY
#password cisco
I'm sure this is correct, but when I telnet from another device to the
switch (or to itself for that matter), I get the following, no password
prompt and nothing else (with debug aaa authentication enabled):
Rack1SW2(config-line)#do telnet 150.1.8.8
Trying 150.1.8.8 ... Open
*Mar 12 04:23:51.567: AAA/BIND(00000009): Bind i/f
*Mar 12 04:23:51.567: AAA/AUTHEN/LOGIN (00000009): Pick method list 'VTY'
From here I have to manually ctrl-shift-6 x out to do anything else. I do
not have any access-lists configured that could affect the config and if I
set the aaa authentication login method to "none", it does not ask for a
password and continues as expected to the switch prompt.
Thanks in advance,
Regards,
Sean
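
An added example, not part of the thread or any poster's own code: a small Python check that each `line` block's `login authentication` list is defined and that a list using the `line` method has a line password to check against, which is the dependency the posted configuration relies on. The function name, the running-config layout (sub-commands indented under `line ...`) and both sample configs are assumptions constructed for illustration.

```python
import re

# Constructed inputs. POSTED mirrors the commands in the post, laid out the way
# a running-config shows them; SPLIT is a variant with one password-less block.
POSTED = """aaa new-model
aaa authentication login VTY line
line vty 0 15
 password cisco
 login authentication VTY
"""
SPLIT = """aaa new-model
aaa authentication login VTY line
line vty 0 4
 password cisco
 login authentication VTY
line vty 5 15
 login authentication VTY
"""

def audit_line_logins(config):
    """Return (line block, problem) pairs for blocks whose login method list
    is undefined, or uses the 'line' method with no line password set."""
    lists, blocks, current = {}, {}, None
    for raw in config.splitlines():
        m = re.match(r"aaa authentication login (\S+) (.+)", raw)
        if m:
            lists[m.group(1)] = m.group(2).split()
        if raw.startswith("line "):
            current = raw[5:].strip()            # e.g. "vty 0 15"
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())  # sub-command of the block
        else:
            current = None                       # any other top-level command
    findings = []
    for name, cmds in blocks.items():
        has_password = any(c.startswith("password ") for c in cmds)
        for c in cmds:
            m = re.match(r"login authentication (\S+)", c)
            if not m:
                continue
            methods = lists.get(m.group(1))
            if methods is None:
                findings.append((name, f"method list {m.group(1)} is not defined"))
            elif "line" in methods and not has_password:
                findings.append((name, f"list {m.group(1)} uses 'line' but no password is set"))
    return findings

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("split", SPLIT)):
        print(label, audit_line_logins(cfg) or "consistent")
```

The check only covers explicitly applied lists; it does not model the `default` list or any method other than `line`.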
Received on Mon May 04 2009 - 00:48:11 ART