VTY Lines

Unanswered Question
Feb 1st, 2007

In my router (as with most) I have vty line 0 4 and vty line 5 15. I curious if i can have two different logons configured; i.e. 0 4 for tacacs and 5 15 for local. If so, I do I force a user who I want to login in local to hit the vty 5 15.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rdessert Thu, 02/01/2007 - 09:56

I believe this is possible. You would need to restrict access for vty 0 4 to a certain network or group of IP's etc., and then restrict access to lines 5 15 with an ACL permitting only the IP's you desire to authenticate locally.

Hope this helps.

Rich

Richard Burts Thu, 02/01/2007 - 09:57

Craig

It is certainly possible to configure vty 0 4 for tacacs and 5 15 for local. But guiding/forcing users to the right one is problematic. In general the router chooses the next available vty when there is an incoming connection, so vty 5 would be used only when 0 4 were busy.

I have read a description of configuring vty 5 15 with a rotary and telnetting with a specified port as a way of choosing the vty port. I have not done this and can not say how well it would work.

so while there is a theoretical way to get it to work, I suspect that the practical answer in reality is that it will not be feasible to do.

[edit: I had another thought that might work. If you configure vty 0 4 with transport input ssh and configure vty 5 15 with transport input telnet. Then you could have one group access with SSH and the other group access with telnet. I believe that this might work for you.]

HTH

Rick

Actions

This Discussion