3620 Console Server - Double Auth issues....

Unanswered Question
Aug 22nd, 2008

Hi,


I have a 3620 with a NM-32A cabled to numerous Cisco consoles with CAB-OCTAL-ASYNC cable to each console port.


CONSOLE SERVER:

!

interface Ethernet1/0

ip address 192.168.10.180 255.255.255.224

no ip directed-broadcast

!

ip host SWITCH4 2001 192.168.10.180

!

line 1 32

session-timeout 20

no exec

exec-timeout 0 0

transport input telnet

transport output pad v120 telnet rlogin udptn

!


SWITCH4:

aaa authentication login default local-case

aaa authorization exec default local

username user password Pass

enable secret SECRET

!

!

line con 0

exec-timeout 0 0

transport preferred telnet

!


CONSOLE#teln SWITCH4

Trying SWITCH4 (192.168.10.180, 2001)... Open



User Access Verification


Username: user

Password:<Pass>

_


This times out....I then auth again and sometimes get in, sometimes not. Same behaviour across 4 out of 13 devices (so far).....!!


Has anyone had similar problems?


Thanks,

Mark



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Richard Burts Sun, 08/24/2008 - 04:26

Mark


I suggest, as an experiment, that you remove this line from the config and see if the behavior improves:

aaa authorization exec default local

I do not see that this is doing much for you (at least in the small amount of configuration that you posted) and potentially could cause symptoms such as you describe. If the behavior does improve you might leave it out or you might change it to this:

aaa authorization exec default if-authenticated


HTH


Rick

wpharaon Mon, 08/25/2008 - 01:34

Hello,


This is the normal behavior as AAA is configured on your console server, and by default the authentication configured is applied on all lines, this behavior is not what you require on a terminal server, so


On the console server, configure:

aaa authentication login NOAUTH none


Under the NM-32 lines, configure:

login authentication NOAUTH



UTVi-NetAdmin Mon, 09/08/2008 - 07:50

Thanks to Rick, Wissam for your help.


I took of Authentication from the lines as you suggested and all is working well.


Thanks again,

Mark


Actions

This Discussion