02-01-2007 09:48 AM - edited 03-05-2019 02:06 PM
In my router (as with most) I have vty line 0 4 and vty line 5 15. I am curious if I can have two different logons configured; i.e. 0 4 for tacacs and 5 15 for local. If so, how do I force a user who I want to log in local to hit the vty 5 15?
02-01-2007 09:56 AM
I believe this is possible. You would need to restrict access for vty 0 4 to a certain network or group of IPs etc., and then restrict access to lines 5 15 with an ACL permitting only the IPs you desire to authenticate locally.
Hope this helps.
Rich
02-01-2007 09:57 AM
Craig
It is certainly possible to configure vty 0 4 for tacacs and 5 15 for local. But guiding/forcing users to the right one is problematic. In general the router chooses the next available vty when there is an incoming connection, so vty 5 would be used only when 0 4 were busy.
I have read a description of configuring vty 5 15 with a rotary and telnetting with a specified port as a way of choosing the vty port. I have not done this and cannot say how well it would work.
So while there is a theoretical way to get it to work, I suspect that the practical answer in reality is that it will not be feasible to do.
[edit: I had another thought that might work. If you configure vty 0 4 with transport input ssh and configure vty 5 15 with transport input telnet, then you could have one group access with SSH and the other group access with telnet. I believe that this might work for you.]
HTH
Rick
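A configuration sketch of the split discussed in the replies above (added example, not posted by anyone in the thread). It combines the transport split with a source-address ACL on the local-auth lines. The method-list names, ACL number, username and addresses are constructed, and a TACACS+ server is assumed to be defined already.

```cisco
! Added example. List names, ACL number, username and addresses are constructed.
! Assumes a TACACS+ server is already defined on the router.
aaa new-model
!
! One named login method list per group of vty lines
aaa authentication login VTY-TACACS group tacacs+
aaa authentication login VTY-LOCAL local
!
! Local account used only by the VTY-LOCAL list (placeholder secret)
username localadmin secret <placeholder-secret>
!
! Constructed ACL: only this management subnet may reach the local-auth lines
access-list 10 permit 192.0.2.0 0.0.0.255
!
! SSH sessions land here and authenticate against TACACS+
line vty 0 4
 login authentication VTY-TACACS
 transport input ssh
!
! Telnet sessions land here and authenticate against the local user database
line vty 5 15
 login authentication VTY-LOCAL
 transport input telnet
 access-class 10 in
```

Because telnet carries the local username and password in cleartext, the `access-class` on lines 5 15 is what limits who can present them.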