Solved: Excluding Terminal Server lines from AAA Authentication

CSCO10150256 · ‎02-08-2010

Hi All,

Hope you can help, I'm trying to find a solution to exclude the following line port from using AAA (ACS TACACS+) authentication on a Terminal Server card on a Cisco 2600 Router. Does anyone know how to do this, or point me in the right direction to resolve?

I've included output below:

aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs
aaa accounting system default start-stop group tacacs+
aaa session-id common

line 41
session-timeout 20
location XXXXXX-Decoder -- BT XXXXXX
no motd-banner
no exec-banner
absolute-timeout 240
modem InOut
no exec
transport input all
stopbits 1
speed 38400

Is this a matter of disabling the command on the line or by using a defined group?

Many thanks for your help,

Jim.

sachinraja · ‎02-09-2010

Hi Jim

You might need to create another group for aux authentication, and refer it on your AAA configuration

line aux 0

login authentication aux_auth

aaa authenticaiton login aux_auth line

you can also configure a local username/pw and map it to the AUX group here..

console and telnet would still use the default group configured, or you can specify specific groups like:

line con 0

login authentication console

line vty0 4

login authentication vty

and specify aaa authentication parameters individually...

Hope this helps.. all the best

Raj

View solution in original post

sachinraja · ‎02-09-2010