10-08-2012 02:58 AM - edited 03-10-2019 07:38 PM
aaa new-model
aaa authentication login default local
username aaa password aaa
username bbb password bbb
user aaa should have ssh and telnet access.
user bbb is only used for vpn authentication, i dont want him to access router via ssh or telnet ,even in user exec mode.
i also can not apply access-class on vty lines because i am loging in device from different places ,and dont know exact ranges of ip address to create access-list
radius and tacacs is not option for me
what can be done in order to restrict user bbb from ssh and telnet access ?
10-08-2012 10:13 PM
I have not tested it but it seems to me that something like this might accomplish your requirements
User aaa password aaa privilege 0
HTH
Rick
Sent from Cisco Technical Support iPhone App4F7388
10-08-2012 10:16 PM
OK. I did not clearly remember the OP description of aaa and bbb. So for bbb to only have VPN access try
User bbb password bbb privilege 0
HTH
Rick
Sent from Cisco Technical Support iPhone App
10-09-2012 01:11 AM
username bbb privilege 0 password bbb
it doesnot solvs issue.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide