07-26-2009 02:33 PM - edited 03-10-2019 04:36 PM
Hi,
If the following configuration is applied, what will be the effect?
aaa new-model
username operation priv 7 password cisco
enable secret cisco@1234
aaa authentication login TEST group tacacs+ local
(the TACACS+ server is down, so the local user database will be used)
line console 0
password Admin@login
login authentication TEST
line vty 0 4
password operatio@login
Case 1: vty access: as there is no list or default configured, telnet access will be denied. Or will it still ask for the AAA authentication username/password? Am I correct?
Case 2: If connected to the console port, will the console password be asked first, or will the username/password be asked directly?
Please share the experience.
Thanks in advance. Sorry, I can't try it on production devices. :(
Subodh
07-26-2009 05:19 PM
Subodh
1) Since there is no authentication list specified on the vty ports, they will use the default authentication. With aaa new-model the default for vty is local authentication. So the router should prompt for ID and password - and if you give the ID and password as configured then you should successfully access the vty.
2) Since there is an authentication list specified for the console, the router will use the methods in the list when you access the console port. If the TACACS server is available then the router will authenticate using the server. If the server is not available then the router will authenticate with the local user ID and password. The router will not authenticate using the console password.
HTH
Rick
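The resolution described in the answer above, as an added example that is not part of the original thread: a small Python audit helper that reads an IOS configuration and reports which login methods each line ends up using and whether its configured line password is ignored. The function names are hypothetical; it assumes the console list is applied with "login authentication TEST", that a line password is only consulted by the "line" method, and it applies the local fallback only to vty lines, since that is the only case the thread covers.

```python
import re

# Constructed sample: the configuration from the question, with the console
# list applied via "login authentication TEST" (assumed intent).
SAMPLE = """\
aaa new-model
username operation priv 7 password cisco
enable secret cisco@1234
aaa authentication login TEST group tacacs+ local
line console 0
 password Admin@login
 login authentication TEST
line vty 0 4
 password operatio@login
"""

def parse_methods(tokens):
    """Join 'group <name>' into one method; keep other methods as they are."""
    out, it = [], iter(tokens)
    for tok in it:
        out.append(f"group {next(it, '')}".strip() if tok == "group" else tok)
    return out

def effective_login_auth(config):
    """Return {line: {'methods': [...], 'line_password_ignored': bool}}."""
    lists, lines, current = {}, {}, None
    for raw in config.splitlines():
        text = raw.strip()
        m = re.match(r"aaa authentication login (\S+) (.+)", text)
        if m:                                   # a named or default method list
            lists[m.group(1)] = parse_methods(m.group(2).split())
        elif text.startswith("line "):          # start of a line block
            current = text[len("line "):]
            lines[current] = {"list": "default", "password": False}
        elif current and text.startswith("login authentication "):
            lines[current]["list"] = text.split()[2]
        elif current and text.startswith("password "):
            lines[current]["password"] = True
    report = {}
    for name, info in lines.items():
        methods = lists.get(info["list"])
        # No list applied and no default defined: vty falls back to local,
        # as stated in the answer. Other lines are left unresolved (None).
        if methods is None and info["list"] == "default" and name.startswith("vty"):
            methods = ["local"]
        ignored = None if methods is None else (info["password"] and "line" not in methods)
        report[name] = {"methods": methods, "line_password_ignored": ignored}
    return report

if __name__ == "__main__":
    for line, result in effective_login_auth(SAMPLE).items():
        print(line, result)
```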