
What is the best way to ensure Console Port stays open when using TACACS+

jimmyc_2
Level 1

We have an assortment of 4507s, 2950s, and mid-size routers, all on TACACS+. We have physical security over all the devices, so we want the console port always available. We tried adding "login authen for-console" under line Con 0, and "aaa authen login for-console none", but that sometimes gives us an infinitely recurring login prompt. What's the best way to always keep it open?

4 Replies

Richard Burts
Hall of Fame

James

If I am understanding correctly what you are trying to do, then I suggest that you try:

exec-timeout 0

under line console 0. This will prevent the console from timing out and presenting the login prompt. It will have the effect of always keeping the console open.

HTH

Rick


Thanks Rick,

This will be wholly independent of whether TACACS is up or not?

Should I then remove all TACACS lines in Con 0?

Thanks

James

This will be independent of TACACS. Whether you should remove the TACACS lines from Console 0 depends on what is configured in aaa and on what you want the behavior to be. If you leave the TACACS lines on console 0 there will be no authentication and the console will be pretty much always open. (I say pretty much because if someone is on the console and when they finish they execute the logoff or quit or exit commands the console session will terminate and go back to the login prompt.)

If you remove the TACACS lines from console 0 and there is an aaa authentication login default configured then the console will be subject to this processing for authentication.

Based on what I think I understand of what you are trying to do I would leave the TACACS configured on the console as you have it and I would add the exec-timeout 0.

HTH

Rick
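
An added example, not part of the original thread: a small Python audit that reads a saved running-config and reports which login method list governs `line con 0`, whether that list depends on TACACS+, and whether `exec-timeout` is disabled, following the behaviour described in the reply above. The sample config is constructed for illustration and assumes `aaa new-model` is enabled; the function name `audit_console` is hypothetical.

```python
import re

# Constructed sample running-config; list name "for-console" follows the thread.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login for-console none
!
line con 0
 exec-timeout 0 0
 login authentication for-console
line vty 0 4
 exec-timeout 10 0
!
"""

def audit_console(config):
    """Report how 'line con 0' authenticates and when it times out."""
    method_lists = {}   # list name -> ordered methods
    console = []        # sub-commands found under 'line con 0'
    in_console = False
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"aaa authentication login (\S+) (.+)", line)
        if m:
            method_lists[m.group(1)] = m.group(2).split()
        if not raw.startswith(" "):          # top-level line: section change
            in_console = re.match(r"line con(sole)? 0\b", line) is not None
        elif in_console and line:
            console.append(line)

    # Without 'login authentication <name>' the line uses the default list.
    list_name = "default"
    timeout = (10, 0)                        # IOS default: 10 minutes
    for cmd in console:
        parts = cmd.split()
        if parts[:2] == ["login", "authentication"] and len(parts) == 3:
            list_name = parts[2]
        elif parts[0] == "exec-timeout":
            timeout = (int(parts[1]), int(parts[2]) if len(parts) > 2 else 0)

    methods = method_lists.get(list_name)    # None: list is not defined
    return {
        "list": list_name,
        "methods": methods,
        "needs_tacacs": bool(methods) and "tacacs+" in methods,
        "open_console": methods == ["none"],
        "never_times_out": timeout == (0, 0),
    }
```

Run it over each device's saved configuration to confirm the console settings are the same across the fleet; a result with `needs_tacacs` true means the console falls under the TACACS+ method list rather than the `none` list.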

James

Thanks for using the rating system to indicate that a posting provided a solution for your issue. (and thanks for the rating) It makes the forum much more useful when someone can read about a problem and can know that they will read a solution to the problem. I encourage you to continue your participation in the forum.

HTH

Rick
