Excluding Terminal Server lines from AAA Authentication

Answered Question
Feb 8th, 2010

Hi All,

Hope you can help. I'm trying to find a solution to exclude the following line port from using AAA (ACS TACACS+) authentication on a Terminal Server card on a Cisco 2600 Router. Does anyone know how to do this, or can anyone point me in the right direction to resolve it?


I've included output below:



aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs
aaa accounting system default start-stop group tacacs+
aaa session-id common


line 41
 session-timeout 20
 location XXXXXX-Decoder -- BT XXXXXX
 no motd-banner
 no exec-banner
 absolute-timeout 240
 modem InOut
 no exec
 transport input all
 stopbits 1
 speed 38400


Is this a matter of disabling the command on the line or by using a defined group?

Many thanks for your help,

Jim.

Correct Answer by sachinraja about 7 years 2 months ago

Hi Jim


You might need to create another group for aux authentication, and refer to it in your AAA configuration:


line aux 0
 login authentication aux_auth

aaa authentication login aux_auth line


you can also configure a local username/pw and map it to the AUX group here..


console and telnet would still use the default group configured, or you can specify specific groups like:


line con 0
 login authentication console

line vty 0 4
 login authentication vty


and specify aaa authentication parameters individually...


Hope this helps.. all the best


Raj
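
Added example, not part of the original thread and not Cisco tooling: a Python check that reads an IOS config, resolves each line's login authentication list to its methods, and reports which lines no longer consult TACACS+ after a change like the one above. The sample config is constructed, and applying aux_auth to line 41 is an assumption made for the example.

```python
import re

# Constructed sample in IOS layout (sub-commands indented by one space). Applying
# the answer's aux_auth list to the question's line 41 is an assumption.
SAMPLE_CONFIG = """\
aaa authentication login default group tacacs+ local
aaa authentication login aux_auth line
line con 0
 login authentication console
line aux 0
 login authentication aux_auth
line 41
 login authentication aux_auth
 no exec
line vty 0 4
 transport input all
"""

def parse_method_lists(config):
    """Map each 'aaa authentication login <name>' list to its ordered methods."""
    lists = {}
    for m in re.finditer(r"^aaa authentication login (\S+) (.+)$", config, re.M):
        tokens, methods = m.group(2).split(), []
        while tokens:
            tok = tokens.pop(0)  # 'group <server-group>' is one method, two tokens
            methods.append(f"group {tokens.pop(0)}" if tok == "group" and tokens else tok)
        lists[m.group(1)] = methods
    return lists

def audit_lines(config):
    """Return {line stanza: (list name, methods or None if undefined, uses_tacacs)}."""
    lists = parse_method_lists(config)
    report, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            report[current] = "default"   # no explicit list means the default list applies
        elif not raw.startswith(" "):
            current = None                # a non-indented command closes the stanza
        elif current and (m := re.match(r" +login authentication (\S+)", raw)):
            report[current] = m.group(1)
    return {line: (name, lists.get(name), "group tacacs+" in (lists.get(name) or []))
            for line, name in report.items()}

if __name__ == "__main__":
    for line, (name, methods, tacacs) in audit_lines(SAMPLE_CONFIG).items():
        status = "UNDEFINED LIST" if methods is None else ", ".join(methods)
        print(f"{line:<14} {name:<10} {status:<22} tacacs+={tacacs}")
```

A line reported with the method "line" relies on the password configured on that line, and a line reported as UNDEFINED LIST names a method list that still has to be created.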

sachinraja Tue, 02/09/2010 - 10:58