Using RAdius for Remote authentication but local for Telnet
I have a 3640 used for RAS. The remote users need a post dial terminal window for a form of token Authentication. This is specified with the LOGIN command. When I try and telnet in I am promted for username/password which passess but the telnet fails. The RADIUS server being used does not specify a telnet parameter, so tries to use PPP for telnet. If I remove Login RADIUS then the remote users get no output from thier post dial window. Can I specify that telnet is only locally authenticated, and therefore not effect any remote users needing to use login?
Any help would be greatly appreciated.
I have attached current config.
aaa authentication login default group radius
aaa authentication ppp default if-needed group radius
aaa authorization exec default group radius
aaa authorization network default group radius
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
Re: Using RAdius for Remote authentication but local for Telnet
You'll need to create a different method list for AAA that you can apply to your vty line. The term local means using a username/password that resides on your router. However looking at you configuration, you have no username/passwords configured so I assume that you want to simply get a password prompt when you telnet to the router. If I have understood you correctly then configure the following. As you haven't provided a show version I'm assuming that you're running the latest code:
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :