Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Excluding Terminal Server lines from AAA Authentication

Hi All,

Hope you can help, I'm trying to find a solution to exclude the following line port from using AAA (ACS TACACS+) authentication on a Terminal Server card on a Cisco 2600 Router.  Does anyone know how to do this, or point me in the right direction to resolve?

I've included output below:

aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs
aaa accounting system default start-stop group tacacs+
aaa session-id common

line 41
session-timeout 20
location XXXXXX-Decoder -- BT XXXXXX
no motd-banner
no exec-banner
absolute-timeout 240
modem InOut
no exec
transport input all
stopbits 1
speed 38400

Is this a matter of disabling the command on the line or by using a defined group?

Many thanks for your help,

Jim.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Excluding Terminal Server lines from AAA Authentication

Hi Jim

You might need to create another group for aux authentication, and refer it on your AAA configuration

line aux 0

login authentication aux_auth

aaa authenticaiton login aux_auth line

you can also configure a local username/pw and map it to the AUX group here..

console and telnet would still use the default group configured, or you can specify specific groups like:

line con 0

login authentication console

line vty0 4

login authentication vty

and specify aaa authentication parameters individually...

Hope this helps.. all the best

Raj

2 REPLIES

Re: Excluding Terminal Server lines from AAA Authentication

Hi Jim

You might need to create another group for aux authentication, and refer it on your AAA configuration

line aux 0

login authentication aux_auth

aaa authenticaiton login aux_auth line

you can also configure a local username/pw and map it to the AUX group here..

console and telnet would still use the default group configured, or you can specify specific groups like:

line con 0

login authentication console

line vty0 4

login authentication vty

and specify aaa authentication parameters individually...

Hope this helps.. all the best

Raj

New Member

Re: Excluding Terminal Server lines from AAA Authentication

Thanks Raj, very helpfully.

Jim.

844
Views
0
Helpful
2
Replies