- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-10-2014 02:00 AM - edited 03-04-2019 11:43 PM
Hello,
I'm configuring a CISCO1921 router as a teminal server at the moment.
I used http://routing-bits.com/2008/09/30/cisco-terminal-server-with-menu-command/
as a config template and it works.
I just added ssh to access the router instead of Telnet.
But what's annoying:
Any time I choose from the menu to connect to a device via reverse Telnet, I'm getting a prompt for the router username and password.
Only after I enter them (the same ones I used to ssh to the router originally), I'm getting the prompt from the device I'm connecting to.
It seems to be a built-in feature of the aaa new-model command :-(
Even when I login to the router using a privilege 15 account and issue the reverseTelnet (=connect) command from the CLI, I have to fill the username/pwd again before being allowed to Telnet!
The only way I found so far was
Router(config)#aaa authentication login default none
which is not acceptable, of course.
When I try
Router(config)#no aaa new-model
I'm getting
"Changing configuration back to no aaa new-model is not supported.
Continue?[confirm]"
from the 15.4(1)T1 IOS.
Am I missing something?
Is there any way to get rid of this annoying filling the usernam/pwd all the time?
Thanks,
Milan
Solved! Go to Solution.
- Labels:
-
Other Routing
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-10-2014 03:13 AM
Hi Milan,
I do not have a similar router and the proper HWIC here right now, but what I am thinking about is configuring a separate AAA auth list for exactly those lines that represent the HWIC serial ports. So for example, something like this:
aaa authentication login NOAUTH none
!
line 0/0/0 0/0/15
login authentication NOAUTH
You could eventually protect these lines with an access-class statement, preventing telnetting into them from outside.
Best regards,
Peter
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-10-2014 03:13 AM
Hi Milan,
I do not have a similar router and the proper HWIC here right now, but what I am thinking about is configuring a separate AAA auth list for exactly those lines that represent the HWIC serial ports. So for example, something like this:
aaa authentication login NOAUTH none
!
line 0/0/0 0/0/15
login authentication NOAUTH
You could eventually protect these lines with an access-class statement, preventing telnetting into them from outside.
Best regards,
Peter
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-10-2014 04:29 AM
Hi Peter,
great, seams to work!
(As usually when you advise something.)
I'll test more deeply but just connected without the annoying prompt, just an enter was necessary to get the prompt from the target device.
Thanks a lot,
Milan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-10-2014 05:15 AM
Hi Milan,
Glad to have helped!
Best regards,
Peter
