10-08-2012 02:58 AM - edited 03-10-2019 07:38 PM
aaa new-model
aaa authentication login default local
username aaa password aaa
username bbb password bbb
user aaa should have ssh and telnet access.
user bbb is only used for vpn authentication, i dont want him to access router via ssh or telnet ,even in user exec mode.
i also can not apply access-class on vty lines because i am loging in device from different places ,and dont know exact ranges of ip address to create access-list
radius and tacacs is not option for me
what can be done in order to restrict user bbb from ssh and telnet access ?
10-08-2012 10:13 PM
I have not tested it but it seems to me that something like this might accomplish your requirements
User aaa password aaa privilege 0
HTH
Rick
Sent from Cisco Technical Support iPhone App4F7388
10-08-2012 10:16 PM
OK. I did not clearly remember the OP description of aaa and bbb. So for bbb to only have VPN access try
User bbb password bbb privilege 0
HTH
Rick
Sent from Cisco Technical Support iPhone App
10-09-2012 01:11 AM
username bbb privilege 0 password bbb
it doesnot solvs issue.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: