Re: AAA NEW-MODEL

From: Pavel Bykov (slidersv@gmail.com)
Date: Mon Feb 02 2009 - 06:39:04 ARST

• Next message: Reza Toghraee: "RE: How to work on My Weak areas ?"
• Previous message: GAURAV MADAN: "Usage of "mls qos vlan-based""
• Next in thread: Sadiq Yakasai: "Re: AAA NEW-MODEL"
• Maybe reply: Sadiq Yakasai: "Re: AAA NEW-MODEL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I agree with Jared on that one. It really depends what is required of you.
For example if line login is supposed to be left at con0/vty/aux then
default method should be set to "line" because "none" would violate it.

On Thu, Jan 29, 2009 at 5:09 PM, Jared Scrivener <jscrivener@ipexpert.com>wrote:

> Hey Henro,
>
> Your safest option is to create a default AAA method for login that uses no
> authentication. That is slightly different from configuring it to have the
> same functionality as it would initially (where it would use line
> authentication).
>
> The wording of your question implies that you can't change the "initial
> configuration". In that case "aaa authentication login default none" would
> be your safest answer.
>
> If the wording was implying that the VTY lines must act as per normal then
> "aaa authentication login default line" would achieve that. However, you
> would then need to set a password on the line (which seems to violate the
> question wording). You'd also need to create a named method for the console
> which uses no authentication (or else you would quickly find yourself
> locked
> out).
>
> Cheers,
>
> Jared Scrivener CCIE3 #16983 (R&S, Security, SP), CISSP
> Technical Instructor - IPexpert, Inc.
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> Mailto: jscrivener@ipexpert.com
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> henro
> Sent: Thursday, 29 January 2009 5:22 AM
> To: ccielab@groupstudy.com
> Subject: AAA NEW-MODEL
>
> Hello All,
>
> Whats the best way to implement aaa authentication without violating
> the lab requirement of not changing the line vty 0 4 initial
> configuration?
>
> Thank you.
>
> Henro
>
> --
> Sent from Gmail for mobile | mobile.google.com
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
Pavel Bykov
----------------
Don't forget to help stopping the braindumps, use of which reduces value of
your certifications. Sign the petition at http://www.stopbraindumps.com/
Blogs and organic groups at http://www.ccie.net

• Next message: Reza Toghraee: "RE: How to work on My Weak areas ?"
• Previous message: GAURAV MADAN: "Usage of "mls qos vlan-based""
• Next in thread: Sadiq Yakasai: "Re: AAA NEW-MODEL"
• Maybe reply: Sadiq Yakasai: "Re: AAA NEW-MODEL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:09 ARST