aaa ?

philth_123_2 · ‎04-24-2008

Hi,

I have the following aaa config:

aaa new-model

aaa authentication login default group radius line

radius-server host 172.16.1.254

radius-server key WinRadius

line con 0

line vty 0 4

password line

My radius config is working fine but by default the aaa config is being applied to the console, tty's etc.

Is there a way to configure using aaa but not to use the console. i.e. apply aaa to all methods of connecting to the router/switch bar the console port ?

PS: I've tried here :

http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfathen.html

without success,

Regards,

Phil.

philth_123_2 · ‎04-24-2008

I've found it.

aaa authentication for-console local

Username local password local

line con 0

login authentication for-console

Phil.

Richard Burts · ‎04-24-2008

Phil

The simple answer to your question is that no there is not a way to have aaa apply to vty but not to console.

The more complex answer is that you can configure one aaa method to apply to vty (as you have done) and can configure another aaa method to apply to console.

If I can guess that you want the vty to authenticate with radius but want the console to just authenticate with its line password then you could try configuring this:

aaa authentication login consoleauth line

line con 0

login authentication consoleauth

This will allow the console to authenticate with its line password while the vty still authenticate with radius and use the line password as a backup if radius is not available.

HTH

Rick

HTH

Rick