Excluding Terminal Server lines from AAA Authentication

Answered Question
Feb 8th, 2010

Hi All,

Hope you can help, I'm trying to find a solution to exclude the following line port from using AAA (ACS TACACS+) authentication on a Terminal Server card on a Cisco 2600 Router.  Does anyone know how to do this, or point me in the right direction to resolve?

I've included output below:

aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs
aaa accounting system default start-stop group tacacs+
aaa session-id common

line 41
session-timeout 20
location XXXXXX-Decoder -- BT XXXXXX
no motd-banner
no exec-banner
absolute-timeout 240
modem InOut
no exec
transport input all
stopbits 1
speed 38400

Is this a matter of disabling the command on the line or by using a defined group?

Many thanks for your help,

Jim.

I have this problem too.
0 votes
Correct Answer by sachinraja about 6 years 10 months ago

Hi Jim

You might need to create another group for aux authentication, and refer it on your AAA configuration

line aux 0

login authentication aux_auth

aaa authenticaiton login aux_auth line

you can also configure a local username/pw and map it to the AUX group here..

console and telnet would still use the default group configured, or you can specify specific groups like:

line con 0

login authentication console

line vty0 4

login authentication vty

and specify aaa authentication parameters individually...

Hope this helps.. all the best

Raj

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
sachinraja Tue, 02/09/2010 - 10:58

Hi Jim

You might need to create another group for aux authentication, and refer it on your AAA configuration

line aux 0

login authentication aux_auth

aaa authenticaiton login aux_auth line

you can also configure a local username/pw and map it to the AUX group here..

console and telnet would still use the default group configured, or you can specify specific groups like:

line con 0

login authentication console

line vty0 4

login authentication vty

and specify aaa authentication parameters individually...

Hope this helps.. all the best

Raj

Actions

This Discussion