RE: Dot1x - need "aaa authen login" for vty in Lab

From: Howard Hooper (Howard.Hooper@dupre.co.uk)
Date: Wed Dec 24 2008 - 08:56:40 ARST

• Next message: John Edom: "Re: Dot1x - need "aaa authen login" for vty in Lab"
• Previous message: John Edom: "Re: Dot1x - need "aaa authen login" for vty in Lab"
• Maybe in reply to: John Edom: "Dot1x - need "aaa authen login" for vty in Lab"
• Next in thread: John Edom: "Re: Dot1x - need "aaa authen login" for vty in Lab"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi John

I always configure 'aaa authentication login default line' after
configuring 'aaa new-model' on a device, this will allow me to access
the device using the normal vty passwords as after entering the command
'aaa new-model' you will be asked for a username and password when next
trying to login.

This will also help to follow any requirements they may ask for in the
lab for example...'do not change the vty or console passwords', by using
the command 'aaa authentication login default line' you are still using
the original passwords they have entered

HTH

Howard

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
John Edom
Sent: 24 December 2008 10:31
To: Robert Steeneken
Cc: Cisco certification
Subject: Re: Dot1x - need "aaa authen login" for vty in Lab

May be we are confusing something but see on vty line i configured

line vty 0 4
pass cisco

now i telnet this router and it ask for line password that is cisco,
after
that i configure

aaa new-model
username abc pass xyz

and then telnet. this time i am getting username/Password prompt. when i
use
abc/xyz, i be able to login

please correct me if i am wrong

Regards

On Wed, Dec 24, 2008 at 2:07 PM, Robert Steeneken
<r.steeneken@gmail.com>wrote:

> as long as you don't use aaa authentication login or authentication
enable
> yours lines will not be affected, as I believe.
>
>
> On Wed, Dec 24, 2008 at 10:57 AM, John Edom <jedom123@gmail.com>
wrote:
>
>> but for this i configured "aaa new-model" that enable authentication
on
>> vty lines so default behavior of vty changed. Please correct me if i
am
>> wrong.
>>
>> Regards
>>
>>
>> On Wed, Dec 24, 2008 at 1:51 PM, Robert Steeneken
<r.steeneken@gmail.com>wrote:
>>
>>> For dot1x you use a separate aaa line ''aaa authentication dot1x''
so
>>> thats not used for vty etc.
>>>
>>> On Wed, Dec 24, 2008 at 10:27 AM, John Edom <jedom123@gmail.com>
wrote:
>>>
>>>> Hi,
>>>>
>>>> while configuring dot1x we add "aaa new-model" that enable
>>>> authentication on
>>>> vty lines also. So my question is in lab exam we need to configure
aaa
>>>> authen login with none and configure on vty lines. If yes then
there are
>>>> two
>>>> ways; first is configure "aaa authen login no-auth none" and then
>>>> configure
>>>> on vty and console using "login authen no-auth".
>>>> second way is configure "aaa authen login default none" so which
one is
>>>> best
>>>> in lab exam?
>>>>
>>>> Regards
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>>

• Next message: John Edom: "Re: Dot1x - need "aaa authen login" for vty in Lab"
• Previous message: John Edom: "Re: Dot1x - need "aaa authen login" for vty in Lab"
• Maybe in reply to: John Edom: "Dot1x - need "aaa authen login" for vty in Lab"
• Next in thread: John Edom: "Re: Dot1x - need "aaa authen login" for vty in Lab"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:09 ARST