Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
508
Views
0
Helpful
5
Replies

Beginners question on AAA

mulhollandm
Level 1
Level 1

‎05-01-2008 10:36 AM - edited ‎03-10-2019 03:49 PM

folks

i'm trying to get my head around some AAA concepts and i'm finding the documentation a bit confusing as it doesn't explain some of the core concepts (well not simply enough for me!)

if i define the line

aaa authentication login ConsoleIn local

i know that loca will refer to the local database but where is the group ConsoleIn referred to in the config

is it in the con0 config where i would declare

aaa authentication ConsoleIn

if so, does this not mean anyone declared in the local dbase is not entitled to console access

thanks to anyone taking the time to reply

Labels:
0 Helpful
5 Replies 5

Richard Burts
Hall of Fame
Hall of Fame

‎05-01-2008 12:08 PM

Michael

You have it just about right. If you configure:

aaa authentication login ConsoleIn local

you are creating a named method (where ConsoleIn is the name) and it will authenticate attempts to login using the locally configured userIDs and password.

The name must be used somewhere in the config to indicate what is using this method. The name suggests that it would be configured under line con 0 to specify authentication on the console. But it logically could be configured under line vty 0 4.

And yes it does mean that someone who is not in the local database in not entitled to console access.

HTH

Rick

HTH

Rick
0 Helpful

mulhollandm
Level 1
Level 1
In response to Richard Burts

‎05-01-2008 12:14 PM

rick

many thanks for your reply, its greatly appreciated - i have my snd exam tomorrow so i'm doing some late cramming!

can i ask another question if you don't mind

if i declare 4 names in the local database and i point the ConsoleIn method to this, is there any way to restrict console access to only 2 of the 4 declared usernames?

apologies if this sounds naive but ....

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to mulhollandm

‎05-02-2008 05:30 AM

Michael

I am not aware of any way that you can restrict access to the console to only some of the configured local userIDs.

Good luck on the SND exam.

HTH

Rick

HTH

Rick
0 Helpful

mulhollandm
Level 1
Level 1
In response to Richard Burts

‎05-03-2008 04:16 AM

rick

many thanks for your help

i passed the snd (1000/1000!)

thanks for your help

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to mulhollandm

‎05-03-2008 08:34 AM

Michael

Congratulations on passing the SND test.

HTH

Rick

HTH

Rick
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents