Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1757
Views
0
Helpful
3
Replies

819HG - Bypass the Line authentication to record NMEA5 GPS data

Cameron Sach
Level 1
Level 1

‎09-18-2012 08:39 PM

Device: C819HG+7-K9

To  enable GPS output via the Line we followed this procedure
http://www.cisco.com/en/US/docs/routers/access/800/819/software/configuration/Guide/3routconf.html#wp1182766

This successfully dumps the NMEA5 GPS  information via telnet port 2006
AUMPURO01#show line
Tty Typ Tx/Rx A Modem  Roty AccO AccI Uses Noise Overruns Int
0 CTY - - - - - 0 0 0/0 -
1 AUX 0/0  - - - - - 0 0 0/0 -
A 3 TTY - - - - - 0 0 0/0 Ce0
* 6 TTY - inout - - - 14  0 0/0 NMEA5
* 10 VTY - - - - - 2 0 0/0 -
11 VTY - - - - - 0 0 0/0 -
12  VTY - - - - - 0 0 0/0 -
13 VTY - - - - - 0 0 0/0 -
14 VTY - - - - - 0 0  0/0 -

To remove the login requirements on line 6 we created a group  called BYPASS and applied this to the Line 6 details. This enables the locally  connected device recording GPS updates to gain access without  credentials. The sortware provided by the 3rd party cannot script the authencation inputs

aaa new-model
aaa authentication login BYPASS  none

line 6
login authentication BYPASS
modem InOut
no  exec
transport input all
transport output all

Upon reboot the  command "login authentication BYPASS" is removed from running-config line 6 even  though it is still in the startup-config

AUMPURO01#show running-config |  begin line 6
line 6
modem InOut
no exec
transport input  all
transport output all
stopbits 1
speed 4800

AUMPURO01#show  startup-config | begin line 6
line 6
login authentication BYPASS
modem  InOut
no exec
transport input all
transport output all
stopbits  1
speed 4800

Any ideas on how to make this stick. Last process would be to create a macro to add the line back in the running config at startup.

Labels:
0 Helpful
3 Replies 3

paolo bevilacqua
Hall of Fame
Hall of Fame

‎09-18-2012 10:44 PM

That is a bug, contact Cisco TAC to have it fixed.

Or, if possible, run no aaa new-model and no login on the line.

0 Helpful

Edward Swenson
Cisco Employee
Cisco Employee

‎12-14-2012 06:03 AM

Does the same problem occur when the modem is not connected ?

I'm trying to help someone recreate it.

0 Helpful

Cameron Sach
Level 1
Level 1
In response to Edward Swenson

‎04-15-2013 12:34 AM

In response;

We raised a case with TAC who ended up supplying us a few custom IOS's to try.

The problem is that the line 6 (GPS output) gets created by a command that is in the startup-config. Since line 6 doesn't exist until this occurs, and the protocol needs to be initalised, then this command will never be able to applied. (as line 6 doesn't exist)

The answer through TAC finally was to build a macro to add it in. We built one to add to the config 30 seconds after it can log into itself.

0 Helpful
Customers Also Viewed These Support Documents