cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2509
Views
15
Helpful
3
Replies
Highlighted
Beginner

How to disable AUX port in ASR 9010

Hi All,

How to disable the AUX port in ASR 9010. Inside "line aux" I can't configure anything except "login authentication" (which is used for aaa authentication).

Also after IOS XR 3.2 the configuration for AUX port has been removed

Platform used: ASR 9010

Version: IOS-XR 4.1.2

Best Regards

Saikat Chakraborty

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Hi Saikat,

No, we can not disable AUX.

Regards,

/A

View solution in original post

3 REPLIES 3
Highlighted
Cisco Employee

Hi Saikat,

No, we can not disable AUX.

Regards,

/A

View solution in original post

Highlighted

Hi,

Can you refuse/deny connection to aux port? like "transport input none/transport out none or any access-list for denial of access to aux port". It's being asked by my customer for IOS XR hardening checklist they have. If not possible, then I can give them a sufficient reasoning.

Best Regards

Saikat

Highlighted

Hi Saikat,

AUX has the same authentication method as we have on the system.  From this perspective, AUX is protected the same way as the Console port and only those who have an account can login via AUX (same way as via console). Any attempts to log on AUX will be logged:

Successful:

ksh[65902]: Successfully authenticated user 'XXX' for ksh access via 'aux' on '0/RSP0/CPU0'

Incorrect:

ksh[65902]: Failed authentication attempt by user 'YYY' for ksh access via 'aux' on '0/RSP0/CPU0

But if anyone has a physical access to the device, that would be even bigger threat compare to system protected AUX login.

BTW, tacacs authentication should work for AUX too. We’d need to define a template for it.

Example:

!

aaa authentication login tacacs_template group tacacs+ local

!

line template aux

      login authentication tacacs_template

!

Regards,

/A

Content for Community-Ad