I have a customer that wants to only use ssh for their vty in conjunction with their TACACS server and a local account. I have created the local account and configured their aaa authentication using the following cmd:
aaa authentication login default group tacacs+ local
I have also configured the correct TACACS key and server IP in the 6513. My issue is that for some reason I am not able to ssh to the switch using a TACACS account, so when it fails, quiet mode is eventually enabled and I get the following message ...
000076: Aug 1 09:19:40.287 EDT: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 25 secs, [user: netman] [Source: 184.108.40.206] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 09:19:40 EDT Sat Aug 1 2009[OK]
After the message I find that the ACL: sl_def_acl is now enabled and placed under the vty section of the running config and never clears after the default time. As a result, ssh is blocked.
So, after this occurs I manually removed the ACL from the vty and tried to enter my own ACL to allow access to TACACS hosts through using ssh on the vty lines, and it worked, but it won't let me save the config like this because it states that quiet mode is enabled. I didn't configure auto secure with this switch, so I am wondering if I can disable quiet mode somehow ... I understand that it's a good security mechanism, but right now for troubleshooting purposes I would like to disable quiet mode or remove the extended ACL.
If anyone knows how to do this or has any suggestions for me to consider, please respond ... thanks in advance!
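To see which source address and account tripped quiet mode, the log line quoted in the post above can be split into its bracketed fields. This is an added example, not part of the original post; the function names are hypothetical and the field layout is taken only from that one quoted line.

```python
import re

# The log line quoted in the post above, copied verbatim (including the
# trailing "[OK]" that follows the timestamp).
SAMPLE = ("000076: Aug 1 09:19:40.287 EDT: %SEC_LOGIN-1-QUIET_MODE_ON: "
          "Still timeleft for watching failures is 25 secs, [user: netman] "
          "[Source: 184.108.40.206] [localport: 22] "
          "[Reason: Login Authentication Failed] [ACL: sl_def_acl] "
          "at 09:19:40 EDT Sat Aug 1 2009[OK]")

# %FACILITY-SEVERITY-MNEMONIC: header of the message
HEADER = re.compile(r"%(?P<facility>[A-Z_]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z_]+):")
# [key: value] pairs; "[OK]" has no "key: " part and is skipped
FIELD = re.compile(r"\[(?P<key>[A-Za-z]+): (?P<value>[^\]]*)\]")


def parse_sec_login(line):
    """Return header parts and bracketed fields, or None for non-SEC_LOGIN lines."""
    m = HEADER.search(line)
    if m is None or m.group("facility") != "SEC_LOGIN":
        return None
    event = {"mnemonic": m.group("mnemonic"), "severity": int(m.group("severity"))}
    # Only look for fields after the header; keys are lower-cased for lookup.
    for f in FIELD.finditer(line, m.end()):
        event[f.group("key").lower()] = f.group("value").strip()
    return event


def quiet_mode_triggers(lines):
    """Map each source address to the set of users whose failures started quiet mode."""
    triggers = {}
    for line in lines:
        ev = parse_sec_login(line)
        if ev and ev["mnemonic"] == "QUIET_MODE_ON" and "source" in ev:
            triggers.setdefault(ev["source"], set()).add(ev.get("user", ""))
    return triggers


if __name__ == "__main__":
    print(parse_sec_login(SAMPLE))
    print(quiet_mode_triggers([SAMPLE]))
```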
This is actually a pretty cool feature. I didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk) only if a certain condition existed. This is exactly what conditional advertisements do.
I have a question. I bought a Cisco 887VA-k9 router and configured it with the configuration below.
If I connect it directly to my laptop on one of its ports, it works and everything is fine (the Internet connection + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.