https://community.cisco.com/t5/network-access-control/beginners-question-on-aaa/m-p/967446#M381819 <HTML><HEAD></HEAD><BODY><P>rick</P><P></P><P>many thanks for your help</P><P></P><P>i passed the snd (1000/1000!)</P><P></P><P>thanks for your help</P></BODY></HTML> Sat, 03 May 2008 11:16:47 GMT mulhollandm 2008-05-03T11:16:47Z https://community.cisco.com/t5/network-access-control/beginners-question-on-aaa/m-p/967442#M381640 <P>folks</P><P></P><P>i'm trying to get my head around some AAA concepts and i'm finding the documentation a bit confusing as it doesn't explain some of the core concepts (well not simply enough for me!)</P><P></P><P>if i define the line</P><P></P><P>aaa authentication login ConsoleIn local</P><P></P><P>i know that loca will refer to the local database but where is the group ConsoleIn referred to in the config</P><P></P><P>is it in the con0 config where i would declare</P><P></P><P>aaa authentication ConsoleIn </P><P></P><P>if so, does this not mean anyone declared in the local dbase is not entitled to console access</P><P></P><P>thanks to anyone taking the time to reply</P> Sun, 10 Mar 2019 22:49:12 GMT https://community.cisco.com/t5/network-access-control/beginners-question-on-aaa/m-p/967442#M381640 mulhollandm 2019-03-10T22:49:12Z https://community.cisco.com/t5/network-access-control/beginners-question-on-aaa/m-p/967443#M381654 <HTML><HEAD></HEAD><BODY><P>Michael</P><P></P><P>You have it just about right. If you configure:</P><P>aaa authentication login ConsoleIn local </P><P>you are creating a named method (where ConsoleIn is the name) and it will authenticate attempts to login using the locally configured userIDs and password.</P><P></P><P>The name must be used somewhere in the config to indicate what is using this method. The name suggests that it would be configured under line con 0 to specify authentication on the console. But it logically could be configured under line vty 0 4.</P><P></P><P>And yes it does mean that someone who is not in the local database in not entitled to console access.</P><P></P><P>HTH</P><P></P><P>Rick</P></BODY></HTML> Thu, 01 May 2008 19:08:16 GMT https://community.cisco.com/t5/network-access-control/beginners-question-on-aaa/m-p/967443#M381654 Richard Burts 2008-05-01T19:08:16Z https://community.cisco.com/t5/network-access-control/beginners-question-on-aaa/m-p/967444#M381691 <HTML><HEAD></HEAD><BODY><P>rick</P><P></P><P>many thanks for your reply, its greatly appreciated - i have my snd exam tomorrow so i'm doing some late cramming!</P><P></P><P>can i ask another question if you don't mind</P><P></P><P>if i declare 4 names in the local database and i point the ConsoleIn method to this, is there any way to restrict console access to only 2 of the 4 declared usernames?</P><P></P><P>apologies if this sounds naive but ....</P></BODY></HTML> Thu, 01 May 2008 19:14:38 GMT https://community.cisco.com/t5/network-access-control/beginners-question-on-aaa/m-p/967444#M381691 mulhollandm 2008-05-01T19:14:38Z https://community.cisco.com/t5/network-access-control/beginners-question-on-aaa/m-p/967445#M381750 <HTML><HEAD></HEAD><BODY><P>Michael</P><P></P><P>I am not aware of any way that you can restrict access to the console to only some of the configured local userIDs.</P><P></P><P>Good luck on the SND exam.</P><P></P><P>HTH</P><P></P><P>Rick</P></BODY></HTML> Fri, 02 May 2008 12:30:18 GMT https://community.cisco.com/t5/network-access-control/beginners-question-on-aaa/m-p/967445#M381750 Richard Burts 2008-05-02T12:30:18Z https://community.cisco.com/t5/network-access-control/beginners-question-on-aaa/m-p/967446#M381819 <HTML><HEAD></HEAD><BODY><P>rick</P><P></P><P>many thanks for your help</P><P></P><P>i passed the snd (1000/1000!)</P><P></P><P>thanks for your help</P></BODY></HTML> Sat, 03 May 2008 11:16:47 GMT https://community.cisco.com/t5/network-access-control/beginners-question-on-aaa/m-p/967446#M381819 mulhollandm 2008-05-03T11:16:47Z https://community.cisco.com/t5/network-access-control/beginners-question-on-aaa/m-p/967447#M381850 <HTML><HEAD></HEAD><BODY><P>Michael </P><P></P><P>Congratulations on passing the SND test.</P><P></P><P>HTH</P><P></P><P>Rick</P></BODY></HTML> Sat, 03 May 2008 15:34:09 GMT https://community.cisco.com/t5/network-access-control/beginners-question-on-aaa/m-p/967447#M381850 Richard Burts 2008-05-03T15:34:09Z