08-04-2003 05:48 PM - edited 03-02-2019 09:21 AM
With some experimentation and assistance from this forum I have been able to get init strings, modem pooling, and autocommand working properly. Now I would like to have certain dialin numbers accept a userID and password from the dialing device prior to executing the autocommand telnet command.
The dialing device will be an unattended PC that will connect and send a username and password. Once authenticated on the access server the device will be (auto) telnetted to a local host and the two will begin exchanging data.
The unattended data exchange works properly, now I need to add authentication. Any suggestions (examples, URLs, etc.) would be greatly appreciated.
Regards,
Dan
08-05-2003 03:36 AM
Hi again Dan,
can we have a look at your current config?
Are you saying that other dialin users do not have to authenticate?
regards,
Herbert
08-05-2003 05:29 AM
Hello again, Herbert. Yes, I have several dial-in phone numbers, with a modem pool set up for each of the numbers. Users dialing in on some of the numbers are (autocommand) telnetted to a specific host on a specific TCP port without authentication. Users dialing in on other numbers will have to authenticate prior to being (autocommand) telnetted to their host.
I have entered usernames and passwords into the access server config for the users who will be required to authenticate. I have included a sample of each type of modem pool configuration at the bottom of this message.
I'm thinking that if I add the global command "aaa new-model" and the line config command "autoselect during-login" only on the lines I want to have authenticated it will cause users dialing in to those lines to have to authenticate before the autocommand will execute. However, I don't want everyone to have to authenticate.
The documentation on CCO that I've read at (http://www.cisco.com/warp/public/793/access_dial/modem_pooling.html) doesn't seem to support my assumption. Lines 3-5 in this example have only the modem InOut and autocommand statements. But the Introduction to this example states that the users connecting to this pool (3-5) will be autocommand telnetted to a specific host after they authenticate.
Is this documentation incomplete? Or am I missing something?
line 1 3
 no motd-banner
 no exec-banner
 no flush-at-activation
 autoselect during-login
 no vacant-message
 modem Dialin
 modem autoconfigure type 1200bps
 autocommand telnet HostA /quiet /noecho
 transport preferred none
 transport input all
 transport output pad telnet rlogin udptn
 escape-character NONE
 no telnet speed 2400 38400
 telnet transparent
 autohangup
 dispatch-timeout 250
line 4 8
 no motd-banner
 no exec-banner
 no flush-at-activation
 no vacant-message
 modem Dialin
 modem autoconfigure type sportster_mod
 autocommand telnet HostB /quiet /noecho
 transport preferred none
 transport input all
 transport output pad telnet rlogin udptn
 escape-character NONE
 telnet transparent
 autohangup
 dispatch-timeout 250
Regards,
Dan
08-05-2003 10:00 PM
There are two ways to do authentication with locally defined usernames and passwords:
1/ the 'old model'

line a b
 ! don't require login
 no login
line c d
 ! use locally defined user & pass
 login local
line e f
 ! use only password (no user) defined on the line
 login
 password mypass

2/ apply "aaa new-model", define 2 login authentication methods, and apply these to the line groups:

aaa new-model
aaa authentication login NOAUTH none
aaa authentication login USERPASS local
aaa authentication login LINEPASS line
line a b
 login authentication NOAUTH
line c d
 login authentication USERPASS
line e f
 login authentication LINEPASS

Or in a simplified version (perhaps less readable):

aaa new-model
aaa authentication login NOAUTH none
aaa authentication login default local
aaa authentication login LINEPASS line
line a b
 login authentication NOAUTH
line c d
 ! no login statement needed, will use default
line e f
 login authentication LINEPASS
Note that this last example requires you to define a method also on the con, aux and vty lines unless you want these to use the default method.
"autoselect during-login" is not applicable here, since it is used only for slip or ppp connections.
Finally, if you ever want to implement radius, tacacs+ or kerberos authentication, you will need to use new-model.
hth
Herbert
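The simplified new-model variant from the post above, applied to the two modem pools posted earlier in the thread, as an added example that is not part of the original posts. It assumes lines 1 3 are the pool that must authenticate and lines 4 8 the pool that must not; the user name dialpc1 and its secret are constructed placeholders, and only the statements relevant to authentication are shown.

```cisco
! Constructed example: dialpc1 and <placeholder-secret> are placeholders
aaa new-model
! Default list: any line without its own list asks for a local user & pass
aaa authentication login default local
! Named list for the pool that connects without authenticating
aaa authentication login NOAUTH none
!
! Local account for the unattended PC ("username ... password ..." is the older form)
username dialpc1 secret <placeholder-secret>
!
! Pool that must authenticate before the autocommand runs (assumed: HostA pool)
line 1 3
 ! no "login authentication" statement, so the default list (local) applies
 ! "autoselect during-login" dropped, it is only used for slip or ppp
 modem Dialin
 autocommand telnet HostA /quiet /noecho
!
! Pool that is telnetted straight through (assumed: HostB pool)
line 4 8
 login authentication NOAUTH
 modem Dialin
 autocommand telnet HostB /quiet /noecho
!
! con, aux and vty lines without their own list also fall under the default list
```

With local as the default list, a line added later without a login statement requires a username and password; only lines explicitly given NOAUTH skip authentication.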
08-06-2003 03:57 PM
Herbert,
Thank you again, my Belgian friend. With your assistance I was able to make the authentication work properly . . . so far.
Regards,
Dan
08-06-2003 10:21 PM
You're welcome, if I'm ever in PA I'll let you buy me a beer :-)
cheers
Herbert
PS: you could also do me (and other authors) a favor by rating the messages you find helpful.
08-07-2003 03:28 AM
It's a deal.