03-20-2007 10:19 AM
We have an assortment of 4507s, 2950s, and mid-size routers, all on TACACS+. We have physical security over all the devices, so we want the console port always available. We tried adding "login authen for-console" under line Con 0, and "aaa authen login for-console none", but that sometimes gives us an infinitely recurring login prompt. What's the best way to always keep it open?
03-20-2007 10:36 AM
James
If I am understanding correctly what you are trying to do, then I suggest that you try:
exec-timeout 0
under line console 0. This will prevent the console from timing out and presenting the login prompt. It will have the effect of always keeping the console open.
HTH
Rick
03-20-2007 10:43 AM
Thanks Rick,
This will be wholly independent of whether TACACS is up or not?
Should I then remove all TACACS lines in Con 0?
Thanks
03-20-2007 10:55 AM
James
This will be independent of TACACS. Whether you should remove the TACACS lines from Console 0 depends on what is configured in aaa and on what you want the behavior to be. If you leave the TACACS lines on console 0 there will be no authentication and the console will be pretty much always open. (I say pretty much because if someone is on the console and when they finish they execute the logoff or quit or exit commands the console session will terminate and go back to the login prompt.)
If you remove the TACACS lines from console 0 and there is an aaa authentication login default configured then the console will be subject to this processing for authentication.
Based on what I think I understand of what you are trying to do I would leave the TACACS configured on the console as you have it and I would add the exec-timeout 0.
HTH
Rick
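An added example, not part of the thread and not Cisco code: a small Python check that reads a running-config and reports which login method list line con 0 uses and whether its exec timeout is disabled, the two settings discussed in the reply above. The sample config is constructed, the function names are hypothetical, and it assumes the full command forms that a running-config displays rather than the abbreviations typed in the question.

```python
import re
# Constructed sample running-config fragment (not taken from the poster's devices).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login for-console none
!
line con 0
 exec-timeout 0 0
 login authentication for-console
line vty 0 4
 login authentication default
"""

def parse_method_lists(config):
    """Map each 'aaa authentication login <name>' list to its ordered methods."""
    lists = {}
    for m in re.finditer(r"^aaa authentication login (\S+) (.+)$", config, re.M):
        lists[m.group(1)] = m.group(2).split()
    return lists

def parse_lines(config):
    """Return {line header: [indented sub-commands]} for each 'line ...' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())
        else:
            current = None  # '!' separators and global commands end the block
    return blocks

def audit_console(config):
    """Report how 'line con 0' authenticates and whether it ever idles out."""
    methods = parse_method_lists(config)
    cmds = parse_lines(config).get("line con 0", [])
    # With no 'login authentication' on the line, the 'default' list applies.
    list_name, timeout = "default", None  # timeout None = not configured
    for c in cmds:
        if c.startswith("login authentication "):
            list_name = c.split()[2]
        elif c.startswith("exec-timeout "):
            parts = c.split()[1:]  # minutes, optional seconds
            timeout = int(parts[0]) * 60 + (int(parts[1]) if len(parts) > 1 else 0)
    return {"method_list": list_name, "methods": methods.get(list_name, []),
            "no_auth": methods.get(list_name) == ["none"],
            "never_times_out": timeout == 0}
```

Run over a fleet's saved configs, this flags every console that is open without authentication, so the choice stays limited to devices that really are under physical control.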
03-20-2007 11:07 AM
James
Thanks for using the rating system to indicate that a posting provided a solution for your issue. (and thanks for the rating) It makes the forum much more useful when someone can read about a problem and can know that they will read a solution to the problem. I encourage you to continue your participation in the forum.
HTH
Rick