Re: AAA trouble....

From: אשד אלוני <eshedalonie_at_gmail.com>
Date: Sun, 26 Jul 2009 18:39:16 +0300

Today I saw a 3560 with the Universal version that entered privilege mode with
aaa new-model.

I compared the exact configurations to a 3560 with the IPBase version, and it
didn't enter privilege mode.

On Fri, Apr 24, 2009 at 12:29 PM, Carlos G Mendioroz <tron_at_huapi.ba.ar> wrote:

> Darby,
> you missed the point of the Q.
> He was wondering about why the LOCAL privilege was not being honoured...
> AAA ? yes Radius ? no.
>
> -Carlos
>
> Darby Weaver @ 23/04/2009 23:44 -0200 dixit:
> > Do you have a Radius Server and is it defined? I did not see this in the
> > config snippet.
> >
> > If you do not then it will look - refer to the debug output. If it fails to
> > find an auth server, then and only then will it fall back to the next
> > defined authentication method (in this case local).
> >
> > So...
> >
> > 1. If the Auth Server exists it will:
> >
> > A. Authenticate the user if the u/p is correct. or...
> > B. Fail if non-existent or incorrect.
> >
> > And that is it.
> >
> > 2. If the Auth Server does not exist (not defined in the config, is not
> > reachable, etc.)...
> >
> > A. The device will then proceed to the fallback auth mechanism if one is
> > configured and exists properly, i.e. local database in the case presented.
> >
> > Now this is normal and expected behavior.
> >
> > I've read about people taking their labs and defining say VTY and not
> > defining an existing Auth Server or worse... not defining one at all... and
> > guess what else they do?
> >
> > They do not define a secondary authentication mechanism... or do not define a
> > local database with a u/p...
> >
> > Me -
> >
> > I like to verify things and I telnet/ssh to the device from the device and
> > verify what will happen. I also perform a reload in 5 and just turn it
> > off if I don't need it.
> >
> > Hey I've had to set up whole networks with 500-1000+ devices at a time to
> > "take control" and when you have to do this kind of task you really don't
> > have time to lock yourself out of the box.
> >
> > Live and Learn.
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> --
> Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina

Received on Sun Jul 26 2009 - 18:39:16 ART
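
The fallback behaviour described in Darby Weaver's quoted message, written out as a configuration sketch. This is an added example, not a configuration posted in the thread; the server address 192.0.2.10, the user name labadmin and the `<...>` values are placeholders.

```cisco
! Added illustration; 192.0.2.10, labadmin and the <...> values are placeholders.
!
! --- Weak: RADIUS is the only method in the list -------------------------
aaa new-model
radius-server host 192.0.2.10 key <shared-secret>
aaa authentication login default group radius
! Server answers with a reject -> login fails (case 1.B in the message).
! Server unreachable or not defined -> there is no further method to try,
!   so nobody can log in on lines that use this list.
!
! --- Corrected: local database as the second method ----------------------
aaa new-model
radius-server host 192.0.2.10 key <shared-secret>
username labadmin secret <local-password>
aaa authentication login default group radius local
! Server answers -> its accept or reject is final; "local" is not consulted,
!   even if labadmin exists in the local database.
! Server does not answer -> the switch moves on to "local" and checks
!   labadmin against the local database (case 2.A in the message).
!
! --- Safety net while changing AAA on a remote device --------------------
! From exec mode, before editing:    reload in 5
! Open a second session (telnet/ssh to the device) and test the login.
! If it works, save the config and run:    reload cancel
! If you are locked out, the scheduled reload brings back the saved
!   startup-config.
```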

This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:23 ART