How to disable the AUX port in ASR 9010. Inside "line aux" I can't configure anything except "login authentication" (which is used for aaa authentication).
Also after IOS XR 3.2 the configuration for AUX port has been removed
Platform used: ASR 9010
Version: IOS-XR 4.1.2
Solved! Go to Solution.
Can you refuse/deny connection to aux port? like "transport input none/transport out none or any access-list for denial of access to aux port". It's being asked by my customer for IOS XR hardening checklist they have. If not possible, then I can give them a sufficient reasoning.
AUX has the same authentication method as we have on the system. From this perspective, AUX is protected the same way as the Console port and only those who have an account can login via AUX (same way as via console). Any attempts to log on AUX will be logged:
ksh: Successfully authenticated user 'XXX' for ksh access via 'aux' on '0/RSP0/CPU0'
ksh: Failed authentication attempt by user 'YYY' for ksh access via 'aux' on '0/RSP0/CPU0
But if anyone has a physical access to the device, that would be even bigger threat compare to system protected AUX login.
BTW, tacacs authentication should work for AUX too. We’d need to define a template for it.
aaa authentication login tacacs_template group tacacs+ local
line template aux
login authentication tacacs_template