Re: Difficult Req : vty use tacacs for enable password but

Thanks for clarifying as yes, I did misunderstand the goal.

Regards,
Jay McMickle- CCIE #35355 (RS), 3x CCNP (RS,Security,Design)
Sent from my iPhone

On Oct 9, 2012, at 5:01 AM, Carlos G Mendioroz <tron_at_huapi.ba.ar> wrote:

> Jay,
> authentication on console and enable access are different services.
> (enable is also an authentication method, but that is not in play here)
> He wants to have different credentials to access the enable service when accessing the router via console and via vtys.
>
> -Carlos
>
> Jay McMickle @ 08/10/2012 22:28 -0300 dixit:
>> What about using enable for the line con?
>>
>> aaa authen login mycon enable
>> aaa
>> authen login myvty line
>> line con 0
>> login authen mycon
>> line vty 0 15
>> login
>> authen myvty
>> pass cisco
>> login priv 15
>>
>> This would use the enable for the
>> console, and cisco for the user mode, but take you right to priv 15.
>>
>> Regards,
>> Jay McMickle- 3x CCNP (R&S,Security,Design), CCIE #35355 (R&S)
>>
>> From: Carlos G Mendioroz <tron_at_huapi.ba.ar>
>> To: Mohammad Mousa
>> <mohd-mousa_at_hotmail.com>
>> Cc: jay.mcmickle_at_yahoo.com; jeremy.cool14_at_gmail.com;
>> ccielab_at_groupstudy.com
>> Sent: Monday, October 8, 2012 11:01 AM
>> Subject: Re:
>> Difficult Req : vty use tacacs for enable password but console not using
>> tacacs for enable.??????
>>
>> I think that what he wants is console "enable"
>> password to be different.
>> I don't know if that's possible...
>> -Carlos
>>
>> Mohammad
>> Mousa @ 08/10/2012 12:55 -0300 dixit:
>>> Hi Jeremy, You can do it like this :
>> aaa new-model
>>> aaa authentication login MYCON line
>>> aaa authentication login
>> MYVTY enable
>>> line con 0
>>> login authentication MYCON
>>> line vty 0 4login
>> authentication MYVTY HTH,
>>>
>>>
>>>> Regards,
>>>> Jay McMickle- CCIE #35355 (RS),
>> 3x CCNP (RS,Security,Design)
>>>> Sent from my iPhone
>>>>
>>>> On Oct 8, 2012, at
>> 1:39 AM, jeremy co <jeremy.cool14_at_gmail.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Is
>> there any way that I can get all of the vty lines usgin tacacs for
>>>>> enable
>> password but console excluded from this ?
>>>>>
>>>>>
>>>>> Problem is "aaa
>> authentication enable default .... " applies to "default"
>>>>> , so Im not sure
>> how to achieve this requirement.
>>>>>
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>> Blogs and
>> organic groups at http://www.ccie.net
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>>
>>>> Blogs and organic groups
>> at http://www.ccie.net/
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>> Blogs and organic groups at
>> http://www.ccie.net/
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
> --
> Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina

Blogs and organic groups at http://www.ccie.net
Received on Tue Oct 09 2012 - 06:51:02 ART