cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

2141
Views
15
Helpful
3
Replies
Beginner

How to disable AUX port in ASR 9010

Hi All,

How to disable the AUX port in ASR 9010. Inside "line aux" I can't configure anything except "login authentication" (which is used for aaa authentication).

Also after IOS XR 3.2 the configuration for AUX port has been removed

Platform used: ASR 9010

Version: IOS-XR 4.1.2

Best Regards

Saikat Chakraborty

Everyone's tags (6)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

How to disable AUX port in ASR 9010

Hi Saikat,

No, we can not disable AUX.

Regards,

/A

3 REPLIES 3
Cisco Employee

How to disable AUX port in ASR 9010

Hi Saikat,

No, we can not disable AUX.

Regards,

/A

Highlighted
Beginner

Re: How to disable AUX port in ASR 9010

Hi,

Can you refuse/deny connection to aux port? like "transport input none/transport out none or any access-list for denial of access to aux port". It's being asked by my customer for IOS XR hardening checklist they have. If not possible, then I can give them a sufficient reasoning.

Best Regards

Saikat

Cisco Employee

Re: How to disable AUX port in ASR 9010

Hi Saikat,

AUX has the same authentication method as we have on the system.  From this perspective, AUX is protected the same way as the Console port and only those who have an account can login via AUX (same way as via console). Any attempts to log on AUX will be logged:

Successful:

ksh[65902]: Successfully authenticated user 'XXX' for ksh access via 'aux' on '0/RSP0/CPU0'

Incorrect:

ksh[65902]: Failed authentication attempt by user 'YYY' for ksh access via 'aux' on '0/RSP0/CPU0

But if anyone has a physical access to the device, that would be even bigger threat compare to system protected AUX login.

BTW, tacacs authentication should work for AUX too. We’d need to define a template for it.

Example:

!

aaa authentication login tacacs_template group tacacs+ local

!

line template aux

      login authentication tacacs_template

!

Regards,

/A

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards