topic Re: AAA authentication login novice question in Network Access Control

AAA authentication login novice question

kostasgeor — Sun, 10 Mar 2019 22:48:41 GMT

Hi, 2 questions about AAA authentication since i'm quite confused with the available documentation and currently i have no devices available to test :

1) when "aaa new model" entered does login authentication immediately applies to all lines and defaults to router's local database (without any other command needed)?

2)if configure "aaa authentication login default none" does this mean that in vty (when no command applied to vty) no authentication is performed; telnet succeeds without any authentication?

Thanks

Re: AAA authentication login novice question

guruprasadr — Sun, 27 Apr 2008 19:06:17 GMT

HI, [Pls Rate if HELPS]

Answer to Question:1

======================

The first command, aaa new-model, tells the router that you are using either TACACS+ or RADIUS for authentication.

FYI, If you do not want the console to authenticate with tacacs then try configuring this:

aaa authentication login consoleauth line

line con 0

To configure AAA authentication, perform the following tasks:

1. Enable AAA by using the aaa new-model global configuration command.

2. Configure security protocol parameters, such as RADIUS, TACACS+, or Kerberos if you are using a security server.

3. Define the method lists for Authentication by using an AAA authentication command.

4. Apply the method lists to a particular interface or line, if required.

Answer to Question:2

======================

"aaa authentication login default none" command to get access to Router via Console / VTY without authentication. The List must all be applied to the Line / Con / Interface.

'none' means Uses no authentication.

Note: Normally we authorize all commands through TACACS+, but if the server is down, no authorization is necessary, hence the 'none'

The 'none' keyword enables any user logging in to successfully authenticate, it should be used only as a backup method of authentication.

Hope I am Informative.

Please RATE if HELPS

Best Regards,

Guru Prasad R

Re: AAA authentication login novice question

Jagdeep Gambhir — Mon, 28 Apr 2008 12:12:00 GMT

Hi,

1).It will be applied to all interfaces on incase you did not remove aaa commands individually.

For Example you have these in your router,

aaa new-model

aaa authentication login default group tacacs local

Now you disabled aaa by issuing command

no aaa new-model

Everything related to aaa would be disabled.

Then if you enter aaa new-model command again , all previous aaa entries would be enabled.

So best way to remove aaa is by ,

no aaa authentication login default group tacacs local

no aaa new-model

2). Yes if you use "none" then no authentication check will be performed and user will be authenticated without any check.

Regards,

~JG

Do rate helpful posts

Re: AAA authentication login novice question

kostasgeor — Mon, 28 Apr 2008 16:55:55 GMT

Guys, thanks for your help and time.