Re: AAA Default and Lists

From: Ted Sell <tedsell_at_gmail.com>
Date: Mon, 16 May 2011 21:24:03 -0400

Is there some reason the contributors of this list never shorten these
long URLs?
The link below could be:

http://goo.gl/ubpGP

Just wondering
Cheers,
Ted

On 5/16/2011 9:06 PM, garry baker wrote:
> There is some good documentation in the command reference which states, "On
> the console, login will succeed without any authentication checks if
> *default* keyword is not set"
>
>
> http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_a1.html#wp1088074
>
> I did a test with a debug, and the interesting thing I see is that without the
> 'aaa authentication login default local' set explicitly you get a method on
> the vty line called 'Permanent Local' and on the console 'Permanent None'
>
> aaa authentication login default local
> aaa authentication login CONSOLE none
> aaa authentication login VTY local
> R3(config)#do sh run | s line
> line con 0
> exec-timeout 0 0
> logging synchronous
> login authentication CONSOLE
> line aux 0
> line vty 0 4
> R3(config)#do sh debug
> General OS:
> AAA Authentication debugging is on
> R3(config)#
> *Mar 1 01:44:02.859: AAA/BIND(00000008): Bind i/f
> *Mar 1 01:44:02.863: AAA/AUTHEN/LOGIN (00000008): Pick method list
> 'default'
>
> R3(config)#no aaa authentication login default local
> R3(config)#
> *Mar 1 01:44:56.595: AAA/BIND(00000009): Bind i/f
> *Mar 1 01:44:56.599: AAA/AUTHEN/LOGIN (00000009): Pick method list
> 'Permanent Local'
> R3(config)#line vty 0 4
> R3(config-line)#login authentication VTY
> R3(config-line)#
> *Mar 1 01:45:51.691: AAA/BIND(0000000A): Bind i/f
> *Mar 1 01:45:51.695: AAA/AUTHEN/LOGIN (0000000A): Pick method list 'VTY'
>
> WITH THE DEFAULT CONSOLE config:
> R3(config-line)#do sh run | s line
> line con 0
> exec-timeout 0 0
> logging synchronous
> line aux 0
> line vty 0 4
> login authentication VTY
> *Mar 1 01:51:05.899: AAA/BIND(0000000C): Bind i/f
> *Mar 1 01:51:05.903: AAA/AUTHEN/LOGIN (0000000C): Pick method list
> 'Permanent None'
> *Mar 1 01:51:07.215: AAA: parse name=tty0 idb type=-1 tty=-1
> *Mar 1 01:51:07.215: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0
> adapter=0 port=0 channel=0
> *Mar 1 01:51:07.215: AAA/MEMORY: create_user (0x66055A94) user='NULL'
> ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII
> service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
> *Mar 1 01:51:07.219: AAA/AUTHEN/START (1384604581): port='tty0' list=''
> action=LOGIN service=ENABLE
> *Mar 1 01:51:07.219: AAA/AUTHEN/START (1384604581): console enable -
> default to enable password (if any)
> *Mar 1 01:51:07.219: AAA/AUTHEN/START (1384604581): Method=ENABLE
> R3#
> *Mar 1 01:51:07.219: AAA/AUTHEN(1384604581): can't find any passwords
> *Mar 1 01:51:07.219: AAA/AUTHEN(1384604581): Status=ERROR
> *Mar 1 01:51:07.223: AAA/AUTHEN/START (1384604581): Method=NONE
> *Mar 1 01:51:07.223: AAA/AUTHEN(1384604581): Status=PASS
> *Mar 1 01:51:07.223: AAA/MEMORY: free_user (0x66055A94) user='NULL'
> ruser='NULL' port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE
> priv=15 vrf= (id=0)
> --
> Garry L. Baker
>
> "With sufficient thrust, pigs fly just fine..." - RFC 1925
>
>
>
> On Tue, May 17, 2011 at 2:54 AM, ALL From_NJ<all.from.nj_at_gmail.com> wrote:
>
>> Hey team,
>>
>> I am trying to study a bunch of things tonight, and figured I would 'punt'
>> this one to the group to see if anyone has a good link or anything.
>>
>> Question - when I configure aaa for a particular method, for example ssh,
>> ppp, or whatever, and I create a new list name, will this affect the
>> default
>> list in any way?
>>
>> For example, let's say I create a list called ppp, but do not change the
>> default and only specify my new list on my ppp interfaces. Is the default
>> still in effect for the console, web, or vty ports?
>>
>> My testing says yes, but you know (LOL!!!)... perhaps I am missing
>> something
>> also (would not be the first time ;-)). Just figured I would send this out
>> there to see if anyone had additional comments or thoughts.
>>
>> Any good suggestions for links?
>>
>> TIA,
>>
>> --
>> Andrew Lee Lissitz
>> all.from.nj_at_gmail.com
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
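The fallback Garry's debug shows (an explicit `login authentication` list wins, then `default`, and with neither the console gets 'Permanent None' while the vty gets 'Permanent Local') is easy to lose track of in a larger config, so here is an added audit script, not from the thread or from Cisco, that resolves the effective login method for each line section of a constructed IOS config modelled on Garry's. It assumes the aux line behaves like the vty (not tested in the thread) and reports any line whose effective list contains `none`.

```python
"""Audit IOS 'line' sections for the AAA login fallback seen in the thread."""
import re

# Constructed sample config, modelled on Garry's test: no 'default' list, a
# named list of 'none' applied to the console, a named 'local' list on the vtys.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login CONSOLE none
aaa authentication login VTY local
line con 0
 exec-timeout 0 0
 login authentication CONSOLE
line aux 0
line vty 0 4
 login authentication VTY
"""

LIST_RE = re.compile(r"^aaa authentication login (\S+) (.+)$")

def parse_lists(config):
    """Return {list_name: [methods]} for every 'aaa authentication login' line."""
    lists = {}
    for raw in config.splitlines():
        m = LIST_RE.match(raw.strip())
        if m:
            lists[m.group(1)] = m.group(2).split()
    return lists

def parse_lines(config):
    """Return {line_name: explicit_list_or_None} for each 'line ...' section."""
    lines, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[5:].strip()
            lines[current] = None
        elif current and raw.strip().startswith("login authentication "):
            lines[current] = raw.strip().split()[-1]
    return lines

def effective_methods(line_name, explicit, lists):
    """Resolve the list IOS picks, per the debug output: explicit list, then
    'default'; with neither, console -> 'Permanent None', vty -> 'Permanent
    Local'. Aux falling to local is an assumption, not shown in the thread."""
    if explicit:
        return lists.get(explicit, ["<undefined>"])
    if "default" in lists:
        return lists["default"]
    return ["none"] if line_name.startswith("con") else ["local"]

def audit(config):
    """Map each line section to (effective methods, can-log-in-without-creds)."""
    lists, report = parse_lists(config), {}
    for name, explicit in parse_lines(config).items():
        methods = effective_methods(name, explicit, lists)
        report[name] = (methods, "none" in methods)
    return report
```

Run `audit(SAMPLE_CONFIG)` to see the console flagged through its explicit `none` list; drop that list and it is still flagged, because the missing `default` leaves it on 'Permanent None'.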

Received on Mon May 16 2011 - 21:24:03 ART

This archive was generated by hypermail 2.2.0 : Wed Jun 01 2011 - 09:01:11 ART