cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1964
Views
0
Helpful
2
Replies

Excluding Terminal Server lines from AAA Authentication

CSCO10150256
Level 1
Level 1

Hi All,

Hope you can help, I'm trying to find a solution to exclude the following line port from using AAA (ACS TACACS+) authentication on a Terminal Server card on a Cisco 2600 Router.  Does anyone know how to do this, or point me in the right direction to resolve?

I've included output below:

aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs
aaa accounting system default start-stop group tacacs+
aaa session-id common

line 41
session-timeout 20
location XXXXXX-Decoder -- BT XXXXXX
no motd-banner
no exec-banner
absolute-timeout 240
modem InOut
no exec
transport input all
stopbits 1
speed 38400

Is this a matter of disabling the command on the line or by using a defined group?

Many thanks for your help,

Jim.

1 Accepted Solution

Accepted Solutions

sachinraja
Level 9
Level 9

Hi Jim

You might need to create another group for aux authentication, and refer it on your AAA configuration

line aux 0

login authentication aux_auth

aaa authenticaiton login aux_auth line

you can also configure a local username/pw and map it to the AUX group here..

console and telnet would still use the default group configured, or you can specify specific groups like:

line con 0

login authentication console

line vty0 4

login authentication vty

and specify aaa authentication parameters individually...

Hope this helps.. all the best

Raj

View solution in original post

2 Replies 2

sachinraja
Level 9
Level 9

Hi Jim

You might need to create another group for aux authentication, and refer it on your AAA configuration

line aux 0

login authentication aux_auth

aaa authenticaiton login aux_auth line

you can also configure a local username/pw and map it to the AUX group here..

console and telnet would still use the default group configured, or you can specify specific groups like:

line con 0

login authentication console

line vty0 4

login authentication vty

and specify aaa authentication parameters individually...

Hope this helps.. all the best

Raj

Thanks Raj, very helpfully.

Jim.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: