Hello gang, I'm trying to find a way around IOS's default behavior when individual VTY lines are configured with unique passwords.
Pretend for the moment that the only way to authenticate a VTY line user is via the line password. If lines 0-3 are given the password 'cisco' and line 4 is given the password 'test,' attempts to telnet to the router using the 'test' password won't work until lines 0-3 are in use. I know that the chances of needing to alter that behavior in a production environment are near nil due to AAA, local databases, etc., but I'm curious to know if it's possible.
Direct example: fire up an unconfigured router and enter only the lines below:
ip add 192.168.0.1 255.255.255.0
line vty 0 3
 password cisco
exit
line vty 4
 password test
Now, without adding a username/password combo, aaa new-model or any other authentication other than the line password, tell the router to allow access with the password 'test' regardless of whether lines 0-3 are in use.
If it's impossible, that's fine. I'm just curious.
Hi, it's impossible. This is because the router selects the vty connection in a random way, and it makes no sense to have a password if you don't know which vty line you are going to use, so this is why you need another authentication method like a local database or AAA.
Hope this is helpful; if so, please rate the post.
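An added example, not written by either poster: a small Python audit that reads the vty section of a configuration, reports how many lower-numbered lines must be busy before each line password becomes usable, and flags mixed per-line passwords and password-only login. The function names and the sample configuration are constructed for illustration; the "lowest free line first" allocation is an assumption taken from the behaviour described in the question.

```python
import re

# Constructed sample: the question's setup with the line passwords written out.
SAMPLE_CONFIG = """\
line vty 0 3
 password cisco
 login
line vty 4
 password test
 login
"""

def parse_vty(config):
    """Map each vty line number to its password and login mode."""
    vty, current = {}, []
    for raw in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        words = raw.split()
        if m:
            current = list(range(int(m.group(1)), int(m.group(2) or m.group(1)) + 1))
            for n in current:
                vty.setdefault(n, {"password": None, "login": None})
        elif not raw.startswith(" ") or not words:
            current = []  # any other top-level command closes the vty block
        elif words[0] == "password":
            for n in current:
                vty[n]["password"] = words[-1]
        elif words[0] == "login":
            # bare "login" = line password; "login local" / "login authentication ..." otherwise
            for n in current:
                vty[n]["login"] = "line" if len(words) == 1 else words[1]
    return vty

def lines_busy_before_usable(vty):
    """Per password: how many lower vty lines must be busy before it is accepted.
    Assumes, as the question describes, that a new session gets the lowest free line."""
    need = {}
    for n in sorted(vty):
        pw = vty[n]["password"]
        if pw is not None and pw not in need:
            need[pw] = sum(1 for k in vty if k < n and vty[k]["password"] != pw)
    return need

def findings(vty):
    """Flag mixed per-line passwords and reliance on the line password alone."""
    mixed = len({v["password"] for v in vty.values()}) > 1
    line_only = any(v["login"] == "line" for v in vty.values())
    return [name for name, hit in (("mixed-line-passwords", mixed), ("line-password-only", line_only)) if hit]
```

A configuration that uses `login local` on `line vty 0 4` produces no findings, since every line then authenticates against the same user database.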