- Red, 2250 points or more
I'm configuring a CISCO1921 router as a teminal server at the moment.
as a config template and it works.
I just added ssh to access the router instead of Telnet.
But what's annoying:
Any time I choose from the menu to connect to a device via reverse Telnet, I'm getting a prompt for the router username and password.
Only after I enter them (the same ones I used to ssh to the router originally), I'm getting the prompt from the device I'm connecting to.
It seems to be a built-in feature of the aaa new-model command :-(
Even when I login to the router using a privilege 15 account and issue the reverseTelnet (=connect) command from the CLI, I have to fill the username/pwd again before being allowed to Telnet!
The only way I found so far was
Router(config)#aaa authentication login default none
which is not acceptable, of course.
When I try
Router(config)#no aaa new-model
"Changing configuration back to no aaa new-model is not supported.
from the 15.4(1)T1 IOS.
Am I missing something?
Is there any way to get rid of this annoying filling the usernam/pwd all the time?
I do not have a similar router and the proper HWIC here right now, but what I am thinking about is configuring a separate AAA auth list for exactly those lines that represent the HWIC serial ports. So for example, something like this:
aaa authentication login NOAUTH none
line 0/0/0 0/0/15
login authentication NOAUTH
You could eventually protect these lines with an access-class statement, preventing telnetting into them from outside.