09-30-2012 09:30 PM
Hi All,
How do I disable the AUX port on the ASR 9010? Inside "line aux" I can't configure anything except "login authentication" (which is used for AAA authentication).
Also, after IOS XR 3.2 the configuration for the AUX port has been removed.
Platform used: ASR 9010
Version: IOS-XR 4.1.2
Best Regards
Saikat Chakraborty
09-30-2012 11:11 PM
Hi Saikat,
No, we cannot disable AUX.
Regards,
/A
10-01-2012 01:38 AM
Hi,
Can you refuse/deny connections to the AUX port, like "transport input none/transport out none" or any access-list for denial of access to the AUX port? It's being asked by my customer for the IOS XR hardening checklist they have. If it's not possible, then I can give them sufficient reasoning.
Best Regards
Saikat
10-01-2012 02:16 AM
Hi Saikat,
AUX has the same authentication method as we have on the system. From this perspective, AUX is protected the same way as the Console port, and only those who have an account can log in via AUX (same way as via console). Any attempts to log on to AUX will be logged:
Successful:
ksh[65902]: Successfully authenticated user 'XXX' for ksh access via 'aux' on '0/RSP0/CPU0'
Incorrect:
ksh[65902]: Failed authentication attempt by user 'YYY' for ksh access via 'aux' on '0/RSP0/CPU0
But if anyone has physical access to the device, that would be an even bigger threat compared to the system-protected AUX login.
BTW, TACACS authentication should work for AUX too. We’d need to define a template for it.
Example:
!
aaa authentication login tacacs_template group tacacs+ local
!
line template aux
 login authentication tacacs_template
!
Regards,
/A
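
Since the AUX port cannot be disabled, the log messages quoted in the reply above can be used as a compensating control. The following is an added example, not part of the original thread or Cisco's code: a small parser that flags every successful AUX login and repeated AUX failures. The sample lines, user names, the `'console'` line value and the threshold of three failures are constructed assumptions.

```python
import re
from collections import Counter

# Pattern follows the two message formats quoted in the reply above.
AUTH_RE = re.compile(
    r"(?P<result>Successfully authenticated user|Failed authentication attempt by user)"
    r" '(?P<user>[^']*)' for (?P<service>\S+) access via '(?P<line>[^']+)'"
    r" on '(?P<node>[^'\s]+)'?"  # closing quote optional: the thread's failure sample lacks it
)

def parse_auth_event(text):
    """Return a dict for one authentication message, or None for any other line."""
    m = AUTH_RE.search(text)
    if m is None:
        return None
    event = m.groupdict()
    event["success"] = event.pop("result").startswith("Successfully")
    return event

def review_aux_logins(log_lines, max_failures=3):
    """Flag each successful AUX login and each user reaching max_failures on AUX."""
    failures = Counter()
    findings = []
    for text in log_lines:
        event = parse_auth_event(text)
        if event is None or event["line"] != "aux":
            continue  # not an auth message, or not on the AUX line
        key = (event["node"], event["user"])
        if event["success"]:
            findings.append(("aux-login", *key))
        else:
            failures[key] += 1
            if failures[key] == max_failures:  # report once, at the threshold
                findings.append(("aux-repeated-failure", *key))
    return findings

# Constructed sample input: user names, PIDs and the 'console' value are made up.
SAMPLE = [
    "ksh[65902]: Failed authentication attempt by user 'opsA' for ksh access via 'aux' on '0/RSP0/CPU0",
    "ksh[65902]: Failed authentication attempt by user 'opsA' for ksh access via 'aux' on '0/RSP0/CPU0'",
    "ksh[65910]: Successfully authenticated user 'opsB' for ksh access via 'console' on '0/RSP0/CPU0'",
    "ksh[65902]: Failed authentication attempt by user 'opsA' for ksh access via 'aux' on '0/RSP0/CPU0'",
    "ksh[65903]: Successfully authenticated user 'opsC' for ksh access via 'aux' on '0/RSP1/CPU0'",
]

if __name__ == "__main__":
    for finding in review_aux_logins(SAMPLE):
        print(finding)
```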