Re: Difficult Req : vty use tacacs for enable password but from Carlos G Mendioroz on 2012-10-09 (Ccielab archives 10/2012)

From: Carlos G Mendioroz <tron_at_huapi.ba.ar>
Date: Tue, 09 Oct 2012 07:01:40 -0300

Jay,
authentication on console and enable access are different services.
(enable is also an authentication method, but that is not in play here)
He wants to have different credentials to access the enable service when
accessing the router via console and via vtys.

-Carlos

Jay McMickle @ 08/10/2012 22:28 -0300 dixit:
> What about using enable for the line con?
>
> aaa authen login mycon enable
> aaa
> authen login myvty line
> line con 0
> login authen mycon
> line vty 0 15
> login
> authen myvty
> pass cisco
> login priv 15
>
> This would use the enable for the
> console, and cisco for the user mode, but take you right to priv 15.
>
> Regards,
> Jay McMickle- 3x CCNP (R&S,Security,Design), CCIE #35355 (R&S)
>
> From: Carlos G Mendioroz <tron_at_huapi.ba.ar>
> To: Mohammad Mousa
> <mohd-mousa_at_hotmail.com>
> Cc: jay.mcmickle_at_yahoo.com; jeremy.cool14_at_gmail.com;
> ccielab_at_groupstudy.com
> Sent: Monday, October 8, 2012 11:01 AM
> Subject: Re:
> Difficult Req : vty use tacacs for enable password but console not using
> tacacs for enable.??????
>
> I think that what he wants is console "enable"
> password to be different.
> I don't know if that's possible...
> -Carlos
>
> Mohammad
> Mousa @ 08/10/2012 12:55 -0300 dixit:
>> Hi Jeremy, You can do it like this :
> aaa new-model
>> aaa authentication login MYCON line
>> aaa authentication login
> MYVTY enable
>> line con 0
>> login authentication MYCON
>> line vty 0 4login
> authentication MYVTY HTH,
>>
>>
>>> Regards,
>>> Jay McMickle- CCIE #35355 (RS),
> 3x CCNP (RS,Security,Design)
>>> Sent from my iPhone
>>>
>>> On Oct 8, 2012, at
> 1:39 AM, jeremy co <jeremy.cool14_at_gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> Is
> there any way that I can get all of the vty lines usgin tacacs for
>>>> enable
> password but console excluded from this ?
>>>>
>>>>
>>>> Problem is "aaa
> authentication enable default .... " applies to "default"
>>>> , so Im not sure
> how to achieve this requirement.
>>>>
>>>>
>>>> Thanks
>>>>
>>>>
>>>> Blogs and
> organic groups at http://www.ccie.net
>>>>
>>>>
> _______________________________________________________________________
>>>>
> Subscription information may be found at:
>>>>
> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>> Blogs and organic groups
> at http://www.ccie.net/
>>>
>>>
> _______________________________________________________________________
>>>
> Subscription information may be found at:
>>>
> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at
> http://www.ccie.net/
>>
>>
> _______________________________________________________________________
>>
> Subscription information may be found at:
>>
> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>

-- 
Carlos G Mendioroz  <tron_at_huapi.ba.ar>  LW7 EQI  Argentina
Blogs and organic groups at http://www.ccie.net

Received on Tue Oct 09 2012 - 07:01:40 ART

This archive was generated by hypermail 2.2.0 : Thu Nov 01 2012 - 10:53:33 ART