aaa ?

Unanswered Question
Apr 24th, 2008

Hi,

I have the following aaa config:


aaa new-model
aaa authentication login default group radius line

radius-server host 172.16.1.254
radius-server key WinRadius

line con 0
line vty 0 4
 password line


My radius config is working fine, but by default the aaa config is being applied to the console, ttys etc.

Is there a way to configure using aaa but not to use the console, i.e. apply aaa to all methods of connecting to the router/switch bar the console port?


PS: I've tried here:

http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfathen.html

without success.


Regards,


Phil.

philth_123_2 Thu, 04/24/2008 - 09:43

I've found it.


aaa authentication login for-console local

username local password local

line con 0
 login authentication for-console



Phil.

Richard Burts Thu, 04/24/2008 - 09:58

Phil


The simple answer to your question is that no, there is not a way to have aaa apply to vty but not to console.


The more complex answer is that you can configure one aaa method to apply to vty (as you have done) and can configure another aaa method to apply to console.


If I can guess that you want the vty to authenticate with radius but want the console to just authenticate with its line password then you could try configuring this:

aaa authentication login consoleauth line

line con 0
 login authentication consoleauth


This will allow the console to authenticate with its line password while the vty still authenticates with radius and uses the line password as a backup if radius is not available.


HTH


Rick
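
The per-line method-list selection described in the two answers above, as an added example (not code from the thread or from Cisco): a Python script that reads an IOS config, resolves which "aaa authentication login" list each line uses (falling back to "default" when the line has no "login authentication" command), and flags lines whose list includes the "line" method but that have no line password configured. The sample config is constructed from the thread's snippets; the function names are hypothetical.

```python
# Added example: resolve which AAA login method list each IOS line uses.
import re

# Constructed sample: the thread's original config plus Rick's console list.
SAMPLE = """\
aaa new-model
aaa authentication login default group radius line
aaa authentication login consoleauth line
radius-server host 172.16.1.254
line con 0
 login authentication consoleauth
line vty 0 4
 password line
"""

def effective_login_methods(config):
    """Map each 'line ...' block to (list name, methods, has line password)."""
    lists, lines, current = {}, {}, None
    for raw in config.splitlines():
        text = raw.strip()
        m = re.match(r"aaa authentication login (\S+) (.+)", text)
        if m:
            lists[m.group(1)] = m.group(2).split()
            current = None
        elif raw.startswith("line "):
            current = text
            # With aaa new-model, a line with no explicit list uses 'default'.
            lines[current] = {"list": "default", "password": False}
        elif current and raw.startswith(" "):
            m = re.match(r"login authentication (\S+)", text)
            if m:
                lines[current]["list"] = m.group(1)
            elif text.startswith("password "):
                lines[current]["password"] = True
        else:
            current = None  # any other global command ends the line block
    return {name: (info["list"], lists.get(info["list"]), info["password"])
            for name, info in lines.items()}

def lines_missing_password(config):
    """Lines whose list uses the 'line' method but have no password set."""
    return [name for name, (_, methods, has_pw)
            in effective_login_methods(config).items()
            if methods and "line" in methods and not has_pw]

if __name__ == "__main__":
    for name, result in effective_login_methods(SAMPLE).items():
        print(name, result)
    print("line method without password:", lines_missing_password(SAMPLE))
```

On the constructed sample the console resolves to consoleauth and the vty lines to default, and line con 0 is flagged because the "line" method relies on a password that the posted console block does not set.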

