10-10-2004 09:57 AM - edited 03-09-2019 09:02 AM
1. I am wanting to know if a password is not set on a line aux or line con
for a Cisco router if that router can be logged onto without a password.
I know that if you DO NOT put a password on the line vty lines you will
not get a prompt to logon. i.e. cannot telnet to router.
For example, will the configuration below allow one to log on without a password?
line aux 0
 exec-timeout 15 0
2. Also, do you have to have the keyword login to get a password prompt
for any line (vty, con or aux)?
For example, would you get prompted for a password if you have the configuration below?
!
line con 0
 exec-timeout 15 0
 password 7 xxxxxxxxxx
line aux 0
 exec-timeout 15 0
 password 7 xxxxxxxxxx
 length 25
line vty 0 4
 access-class 10 in
 exec-timeout 15 0
 password 7 xxxxxxxxx
Thank you for your assistance!!
10-10-2004 02:09 PM
I would refer you to the thread, "username prompt when telneting to a rtr" in this forum. These same topics are being discussed in that conversation.
I would also refer you to the docs for the "login" command:
The "no login" command allows login without a password. The "login" command will require a password (assuming one is set) on con or aux lines. Virtual Terminals require a password by default. The con or aux lines do not require a password by default.
10-10-2004 04:03 PM
James
I appreciate your reference to the other thread in this forum (since my answers to the question are in that thread) and agree that it covers the same ground.
I thank you for the link you included. I will point out that the first thing that link says is that the traditional login command (which is what it is documenting) can NOT be used with AAA/TACACS. The reason that it can not be used is that AAA changes the behavior of the router and the vty ports are automatically subjected to the login procedure which generates the request for authentication data.
HTH
Rick
10-10-2004 05:01 PM
Rick and James...thank you both for responding.
I appreciate your comments.
So to make sure I understand...
Rick,
Are you saying that if a router or switch has AAA configured, that there is then no need to use the command login on your vty, con and aux ports?
So a show run result that displays
vty 0 4 (aux 0 or con 0)
Password xxxxx
if AAA configured, will indeed still prompt for Password.
I thought you would still need to type login
to force a password prompt, i.e. Password authentication
Thank you.
10-10-2004 05:44 PM
Yes I am saying that if a router has AAA configured that there is no need to use the command login on the vty, con, and aux ports.
In fact you not only do not need it, if you attempt to configure "login" on these ports you will get an error message that only the login authentication command is allowed.
Yes if a show run result that displays
vty 0 4 (aux 0 or con 0)
Password xxxxx
if AAA configured, the router will indeed still prompt for Password.
HTH
Rick
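The rules stated in the replies above, written as an offline audit of a saved running-config. This is an added example, not code from any poster or from Cisco: the function names, verdict labels and sample config are constructed, it assumes `show run` indents line subcommands by one space, and it does not evaluate AAA method lists.

```python
import re

def _verdict(kind, cmds, aaa):
    if aaa:
        return "aaa"              # per the thread: AAA decides, 'login' keyword unused
    if "no login" in cmds:
        return "open"             # exec session without any password prompt
    if "login local" in cmds:
        return "local-users"      # checked against local usernames, not the line password
    # vty lines require a password by default; con and aux do not
    login_on = kind == "vty" or any(c == "login" or c.startswith("login ") for c in cmds)
    if not login_on:
        return "open"             # a configured password is never asked for
    has_pw = any(c.startswith("password ") for c in cmds)
    return "password" if has_pw else "no-password-set"

def audit_lines(running_config):
    """Map each 'line ...' stanza to how it authenticates an exec session."""
    aaa = re.search(r"^aaa new-model\s*$", running_config, re.M) is not None
    stanzas, current = {}, None
    for raw in running_config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current:
            stanzas[current].append(raw.strip())
        else:
            current = None        # any other top-level line ends the stanza
    return {name: _verdict(name.split()[1], cmds, aaa) for name, cmds in stanzas.items()}

# Constructed sample, modelled on the configuration in the question
SAMPLE = """\
!
line con 0
 exec-timeout 15 0
 password 7 xxxxxxxxxx
line aux 0
 exec-timeout 15 0
line vty 0 4
 access-class 10 in
 password 7 xxxxxxxxx
 login
line vty 5 15
 no login
!
end
"""

if __name__ == "__main__":
    for line, result in audit_lines(SAMPLE).items():
        print(f"{line:14} {result}")
```

Lines reported as `open` are the ones to fix first; `no-password-set` on a vty line means Telnet logins are refused until a password is configured.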