Thanks a lot Jay, now I understand it. I appreciate it :)
Sent from my iPhone
On May 12, 2012, at 3:40 PM, "Jay McMickle" <jay.mcmickle_at_yahoo.com> wrote:
> copy and paste both lines of the link.  It's active.
> http://www.kellywalsh.org/teacher_pages/duane_reimer/ccnp/student/ccnp_2/en_C
> CNP2_v30/PDF/lab_11_3_2.pdf
> 
> 
> Regards,
> Jay McMickle- CCIE #35355
> 
> 
> From: Tony Singh <mothafungla_at_gmail.com>
> To: Jay McMickle <jay.mcmickle_at_yahoo.com>
> Cc: Mohammad Mousa <mohd-mousa_at_hotmail.com>; "ccielab_at_groupstudy.com" <ccielab_at_groupstudy.com>
> Sent: Saturday, May 12, 2012 7:14 AM
> Subject: Re: AAA
> 
> Jay link is dead, but great solution man.
> 
> BR
> 
> Sent from my iPhone on 3
> On 12 May 2012, at 13:09, Jay McMickle <jay.mcmickle_at_yahoo.com> wrote:
> 
>> Mohammad,
>> My point was that both lines can't co-exist.  One will override the
>> other.  You will need to put the "none" at the end of the aaa statement
>> to fall back to none.  You may have the word "login" under your vty or
>> console which would conflict with your login def local, and force it to
>> use the local authentication.
>>
>> HOU-SW1(config)#aaa authentication login def local line
>> HOU-SW1(config)#do sh run | in aaa
>> aaa new-model
>> aaa authentication login default local line
>> aaa session-id common
>> HOU-SW1(config)#
>> HOU-SW1(config)#aaa authentication login def local line none
>> HOU-SW1(config)#
>> HOU-SW1(config)#do sh run | in aaa
>> aaa new-model
>> aaa authentication login default local line none
>> aaa session-id common
>>
>>
>> For your second question, you would have to write the commands using
>> an authentication list of commands.  PRIV1 would limit them from
>> entering config t, but PRIV15, applied with a limited list of
>> permissible commands to execute, would meet your requirements.  It's
>> pretty entailed, but here's a link to help.  Step 2, page 3 should help
>> get you started.
>>
>> http://www.kellywalsh.org/teacher_pages/duane_reimer/ccnp/student/ccnp_2/en_C
>> CNP2_v30/PDF/lab_11_3_2.pdf
>> 
>> 
>> Regards,
>> Jay McMickle- CCIE #35355
>> 
>> 
>> From: Mohammad Mousa <mohd-mousa_at_hotmail.com>
>> To: Jay McMickle <jay.mcmickle_at_yahoo.com>
>> Cc: "ccielab_at_groupstudy.com" <ccielab_at_groupstudy.com>
>> Sent: Friday, May 11, 2012 3:49 PM
>> Subject: Re: AAA
>>
>> Hi Jay
>>
>> My first question is, when I used the two separate statements, why
>> can't I access the router even if I put a wrong username and password?
>>
>> The second one: I need to create username George password George, for
>> example. I want to allow him only to enter the config mode and
>> interface mode and not do anything else. Why can't this happen unless
>> you telnet to the router? Why can't you make it from the console if you
>> log in with the same username?
>>
>> Thanks a lot Jay, appreciate that.
>>
>> On May 11, 2012, at 11:29 PM, "Jay McMickle" <jay.mcmickle_at_yahoo.com> wrote:
>> 
>>> I might have misunderstood your 1st question, but when you enter both
>>> lines you put, the second overrides the first (only showing the 2nd
>>> line).
>>>
>>> If you want it to fall back, use-
>>>
>>> ....local def line none (on the same line)
>>>
>>> Second question-
>>> Priv 1 and 15 are the only ones that work.
>>>
>>> Regards,
>>> Jay McMickle- CCIE #35355
>>>
>>> Sent from iJay
>>>
>>> On May 11, 2012, at 12:58 PM, <mohd-mousa_at_hotmail.com> wrote:
>>> 
>>>> Hi guys,
>>>>
>>>> I have two questions regarding the aaa authentication,
>>>>
>>>> first, when I do the following commands
>>>> -aaa authentication login default local
>>>> -aaa authentication login default none
>>>>
>>>> guys, I know that the first statement will authenticate based on the
>>>> username and password defined on the local database of the router.
>>>> The second statement I used to avoid locking myself out of the router.
>>>>
>>>> When I get out of the router and get in, it will ask me for the
>>>> username and password, and I can't get in (if I don't put the
>>>> username and pass).
>>>> My question is: should I access the router even without
>>>> authentication, as the second statement said?
>>>>
>>>>
>>>> Second, I know there are two levels (8 for the usermode, 15 for the
>>>> conf mode)
>>>>
>>>> I have the following commands
>>>>
>>>> username k privilege 9 pass k
>>>> privilege exe level 9 configure terminal
>>>> privilege configure level 9 interface
>>>> aaa authorization exec default local
>>>>
>>>> Why do these commands only work when I telnet to this router, while
>>>> they aren't working when I get in through the console?
>>>>
>>>> when I get in through the telnet
>>>> show privi ---- it gave me level 9 (after I put the username & pass),
>>>> it worked fine
>>>> when I get in through the console
>>>> show privi ---- it gave me level 15 (after I put the username & pass)
>>>>
>>>> Thanks in advance
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Sat May 12 2012 - 15:55:13 ART
This archive was generated by hypermail 2.2.0 : Sun Jun 17 2012 - 09:04:19 ART
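
An added example, not part of the original thread and not written by any of its participants: a small Python audit of an IOS-style configuration that models the behaviour discussed above, where re-entering `aaa authentication login` for the same list name replaces the earlier line, and that flags any effective list ending in `none`. Both sample configurations are constructed from the command lines quoted in the thread; the function name `audit` and the rule for expanding `def` to `default` are assumptions of this example.

```python
# Added example: audit "aaa authentication login" method lists in IOS-style text.
# Both samples are constructed from the command lines quoted in the thread.
SAMPLE_QUESTION = """\
aaa new-model
aaa authentication login default local
aaa authentication login default none
aaa session-id common
"""
SAMPLE_REPLY = """\
aaa new-model
aaa authentication login def local line none
aaa session-id common
"""


def audit(config_text):
    """Return (effective_lists, overridden, findings) for login method lists."""
    lists, overridden, findings = {}, [], []
    for raw in config_text.splitlines():
        words = raw.split()
        if len(words) < 5 or words[:3] != ["aaa", "authentication", "login"]:
            continue
        name, methods = words[3], words[4:]
        # Assumption: a 3+ character prefix of "default" is the keyword (the
        # thread shows "def" stored as "default"); other abbreviations are
        # not expanded.
        if len(name) >= 3 and "default".startswith(name.lower()):
            name = "default"
        # One entry per list name: re-entering the command replaces the list.
        if name in lists and lists[name] != methods:
            overridden.append((name, lists[name], methods))
        lists[name] = methods
    for name, methods in lists.items():
        if methods == ["none"]:
            findings.append(f"{name}: no authentication at all")
        elif methods[-1] == "none":
            findings.append(f"{name}: falls back to no authentication after "
                            + ", ".join(methods[:-1]))
    return lists, overridden, findings


if __name__ == "__main__":
    for label, text in (("question", SAMPLE_QUESTION), ("reply", SAMPLE_REPLY)):
        lists, overridden, findings = audit(text)
        print(label, lists, overridden, findings)
```

Run against a saved running-config, the `overridden` list shows which earlier method list was silently replaced, and `findings` lists every login method list that can end in an unauthenticated session.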