AAA on Async lines

Hello

We have async lines between 2 sites carrying SCADA-type information flows.

When we applied TACACS+ AAA to the routers there was no problem until the lines were reset, so I guess that as EXEC sets up the connection it fails because there is no AAA authentication for it.

Due to the criticality of the information I have taken AAA off those routers for now, but I am looking for a long-term solution.

Can I configure the lines to authenticate locally using a local username/password, or even configure these particular lines not to authenticate at all?

Any help appreciated

I had a situation that was somewhat similar to yours. Maybe the solution I found might work for your situation. I had async lines that I wanted to authenticate to a server group that was different from the one telnet/SSH authentication used. I configured the aaa authentication default list to use what I wanted on the asynchronous lines. In your case, it could specify local so that the local ID and password are used, or perhaps you could specify none as the authentication method. Then I specified a named authentication method list using the other server group and applied that named authentication method on the vty lines.

HTH

Rick
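To make the split Rick describes concrete, here is an added example (my code, not from this thread or from Cisco) that parses a constructed IOS running-config and reports which login method list each line actually uses, flagging lists that have no fallback, lists that use none, and references to undefined lists. The sample config, the list names (VTY_AUTH, NOFALLBACK, OPEN, CONSOLE) and the line ranges are assumptions.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Constructed sample running-config (not from the thread). It implements the
# split described in the reply: the default list stays local so the async
# lines keep working, and a named list backed by TACACS+ is applied to the
# vty lines. List names and line numbers are assumptions.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default local
aaa authentication login VTY_AUTH group tacacs+ local
aaa authentication login NOFALLBACK group tacacs+
aaa authentication login OPEN none
!
line con 0
 login authentication CONSOLE
line 1 16
 no exec
 transport input all
line aux 0
 login authentication OPEN
line vty 0 4
 login authentication VTY_AUTH
line vty 5 15
 login authentication NOFALLBACK
"""

METHOD_LIST_RE = re.compile(r"^aaa authentication login (\S+) (.+)$")
LINE_HEADER_RE = re.compile(r"^line (.+)$")

WARN_NONE = "method 'none': anyone connecting to this line gets in without credentials"
WARN_NO_FALLBACK = "no fallback method: line locks out while every AAA server is unreachable"
WARN_UNDEFINED = "references a method list that is not defined"
WARN_IMPLICIT = "no explicit default list: IOS falls back to the local user database"


class LineReport(NamedTuple):
    line: str             # e.g. "vty 0 4", "1 16", "con 0"
    list_name: str        # method list in effect for login on this line
    methods: List[str]    # methods of that list, in the order IOS tries them
    warnings: List[str]


def parse_method_lists(config: str) -> Dict[str, List[str]]:
    """Return {list_name: [method, ...]} from 'aaa authentication login' commands.
    'group <name>' is kept as a single method token."""
    lists: Dict[str, List[str]] = {}
    for raw in config.splitlines():
        m = METHOD_LIST_RE.match(raw.strip())
        if not m:
            continue
        name, tokens = m.group(1), m.group(2).split()
        methods: List[str] = []
        i = 0
        while i < len(tokens):
            if tokens[i] == "group" and i + 1 < len(tokens):
                methods.append("group " + tokens[i + 1])
                i += 2
            else:
                methods.append(tokens[i])
                i += 1
        lists[name] = methods
    return lists


def parse_line_stanzas(config: str) -> Dict[str, Optional[str]]:
    """Map each 'line ...' stanza to the list named by 'login authentication',
    or None when the stanza has no such command (so the default list applies)."""
    stanzas: Dict[str, Optional[str]] = {}
    current: Optional[str] = None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if not raw.startswith(" "):          # a top-level command ends any stanza
            m = LINE_HEADER_RE.match(raw)
            current = m.group(1) if m else None
            if current is not None:
                stanzas[current] = None
            continue
        parts = raw.split()
        if current is not None and parts[:2] == ["login", "authentication"] and len(parts) == 3:
            stanzas[current] = parts[2]
    return stanzas


def audit(config: str) -> List[LineReport]:
    """Resolve the effective login method list per line and flag weak spots."""
    lists = parse_method_lists(config)
    reports: List[LineReport] = []
    for line, named in parse_line_stanzas(config).items():
        warnings: List[str] = []
        list_name = named if named is not None else "default"
        if list_name in lists:
            methods = list(lists[list_name])
        elif list_name == "default":
            methods = ["local"]              # IOS behaviour when no default list is set
            warnings.append(WARN_IMPLICIT)
        else:
            methods = []
            warnings.append(WARN_UNDEFINED)
        if "none" in methods:
            warnings.append(WARN_NONE)
        if methods and all(m.startswith("group ") for m in methods):
            warnings.append(WARN_NO_FALLBACK)
        reports.append(LineReport(line, list_name, methods, warnings))
    return reports


def report_for(config: str, line: str) -> LineReport:
    """Convenience lookup of one line's report (KeyError if the line is absent)."""
    return {r.line: r for r in audit(config)}[line]


if __name__ == "__main__":
    for r in audit(SAMPLE_CONFIG):
        flag = ("  <-- " + "; ".join(r.warnings)) if r.warnings else ""
        print(f"line {r.line:<8} list={r.list_name:<11} {' -> '.join(r.methods)}{flag}")
```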

Tags: Cisco Security

Similar Questions

  • Disable authentication for reverse Telnet over Async lines

    I have a 2811 which acts as a terminal server with several async lines being used to access consoles. Whenever I open a reverse telnet to one of the lines it always prompts me for my credentials. Is there a way to eliminate the authentication requirement, but only on the async lines used for reverse telnet? I can disable it globally (which is not good) and I tried entering "no login authentication" under the respective async lines - but that did not help. Any thoughts? My current global and line config:

    aaa new-model
    aaa authentication login default local-case
    aaa authorization console
    aaa authorization exec default local
    !
    line 1/0 1/15
     session-timeout 30
     exec-timeout 30 0
     no exec
     transport input telnet

    I have not tried it, but try something like the below (which requires aaa new-model):

    aaa authentication login no-auth none
    line 1/0 1/15
     login authentication no-auth
  • Excluding the lines of Terminal Server in the AAA authentication

    Hi all

    Hope you can help. I'm trying to find a solution to exclude only the following line port from AAA authentication (ACS TACACS+) on a terminal server card in a Cisco 2600 router. Does anyone know how to do this, or can point me in the right direction?

    I've included the output below:

    aaa authentication login default group tacacs+ local
    aaa authorization exec default group tacacs+ local
    aaa accounting exec default start-stop group tacacs+
    aaa accounting network default start-stop group tacacs+
    aaa accounting connection default start-stop group tacacs+
    aaa accounting system default start-stop group tacacs+
    aaa session-id common

    line 41
     session-timeout 20
     location - XXXXXX XXXXXX BT
     no banner motd
     no exec-banner
     absolute-timeout 240
     modem InOut
     no exec
     transport input all
     stopbits 1
     speed 38400

    Is it a matter of disabling it on the line or of using a defined group?

    Thanks a lot for your help.

    Jim.

    Hi Jim

    You may need to create another list for authentication and amend your AAA configuration:

    line aux 0
     login authentication aux_auth

    aaa authentication login aux_auth line

    You can also configure a local username/pw and map it to the group here...

    Console and telnet would still use the configured default group, or you can specify specific groups:

    line con 0
     login authentication console

    line vty 0 4
     login authentication vty

    and specify the aaa authentication settings individually...

    I hope this helps... all the best

    REDA

  • No aaa new-model in the config

    Hi all.

    First Cisco router and first post so please be gentle.

    I did a search on it and I get the same as in the post that I see as the answer:

    Router(config)#no aaa new-model

    IOS 12.4(24)

    I erased the router when I got it.

    I had a configuration set up roughly as I wanted, as a reference point.

    I saved it.

    I then started to work on the wireless part of the walkthrough, which says:

    Router(config)#aaa new-model

    Router(config)#

    So, I went back and tried to erase this line in the config file.

    So I did:

    Router(config)#no aaa new-model

    Router(config)#exit

    Router#wr

    Router#show run

    I continue to see the no aaa new-model line in the config.

    So I erased the whole thing to fix it:

    Router#write erase

    and

    Router#reload

    said no to saving and then accepted the default for the last question.

    Everything reloaded and it seemed to be back as before, but show run then shows this, no matter how often I erase and reload:

    Router>en
    Router#show run
    Building configuration...

    Current configuration : 1331 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Router
    !
    boot-start-marker
    boot-end-marker
    !
    logging message-counter syslog
    !
    no aaa new-model
    !
    !
    dot11 syslog
    ip source-route
    !
    !
    !
    !
    ip cef
    no ipv6 cef
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    archive
     log config
      hidekeys
    !
    !
    !
    !
    !
    interface Dot11Radio0
     no ip address
     shutdown
     speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
     station-role root
    !
    interface Dot11Radio1
     no ip address
     shutdown
     speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
     --More--
    *Jan 16 23:40:09.207: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to
     station-role root
    !
    interface FastEthernet0
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface FastEthernet1
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface FastEthernet4
    !
    interface FastEthernet5
    !
    interface FastEthernet6
    !
    interface FastEthernet7
    !
    interface FastEthernet8
    !
    interface FastEthernet9
    !
    interface Vlan1
     no ip address
    !
    interface Async1
     no ip address
     encapsulation slip
    !
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    !
    !
    !
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    line con 0
    line 1
     modem InOut
     stopbits 1
     speed 115200
     flowcontrol hardware
    line aux 0
    line vty 0 4
     login
    !
    end

    Is there a way to remove that line from the config, or is it stuck there, and if it is stuck does it have any effect?

    Thank you very much

    Maurice

    Hello Maurice.

    Just to confirm: you want the 'no aaa new-model' command to be removed from your config? If so, this is the default when AAA is disabled on the device. If you want to enable AAA, then just run the same command without the 'no '.

     aaa new-model

    Then save your config:

     write mem

    For more information about this and other commands, you can reference Cisco's 'Command Lookup Tool':

    https://Tools.Cisco.com/support/CLILookup/cltSearchAction.do

    I hope this helps!

    Thank you for rating helpful posts!

  • Control access to the network with ACS device

    Hi all!

    I currently have in place a Cisco Secure ACS Appliance using Windows as the main authentication server. Cisco Secure acts as a TACACS+ server. I have two groups defined in Cisco Secure: Netadmins and ITD Security. Users of the Netadmins group need access to all switches and routers on the network. ITD Security must only access async line 53 on a 2611 router, which leads to a firewall, and have no other access to any network devices. How can I limit the Cisco Secure ITD Security group's access to line 53 only?

    My current config on this router is:

    aaa new-model
    aaa authentication login netadmins group tacacs+ line
    aaa authentication login ITDSEC group tacacs+ line
    tacacs-server host 10.30.X.X
    tacacs-server host 10.18.X.X
    tacacs-server key XXXXXXX
    line 53
     no exec
     login authentication ITDSEC
     transport input all
     stopbits 1
     speed 115200
    line vty 0 4
     exec-timeout 30 0
     timeout login response 120
     login authentication netadmins

    but users in ITD Security can still access the router via vty and then reverse telnet to any asynchronous line on it. In addition, ITD Security can still access any switch or router using telnet: what should my setup on these devices be? Do I need to do an ACS configuration?

    All other devices:

    aaa new-model
    aaa authentication login netadmins group tacacs+ line
    tacacs-server host 10.30.X.X
    tacacs-server host 10.18.X.X
    tacacs-server key XXXXXXX
    line con 0
     password 7 141C015C5806
     login authentication netadmins
    line vty 0 4
     password 7 11020A 524310
     login authentication netadmins
    line vty 5 15
     password 7 11020A 524310
     login authentication netadmins

    Any help will be greatly appreciated.

    Hello

    For the security group, I would create a Network Access Restriction (NAR) with a permit entry. Essentially, allow access to the single port on the 2611 only.

    The AAA Client field is the name that you gave to the 2611 in the network config. Address will be * unless you want to restrict access by IP address. Port... I'm never quite sure with async whether the port value must be "async 53" or "line 53".

    If you look in the passed/failed attempts for the nas-port attribute, you'll see what the T+ device sends to the ACS. This should help you know what to put in the NAR.

    Mounira

  • VLAN routing when using a Dell PowerConnect 6224

    Hello

    I have a Dell 6224 switch with 2 VLANs.

    Management - 192.168.1.111/24, ports 1/g1-1/g12

    Vlan150 - 192.168.150.111/24, ports 1/g13-1/g24

    I have two ports on the router with IP addresses to communicate with the switch (192.168.1.2 and 192.168.150.2). Vlan1 works very well without any problems. I can ping from 192.168.150.2 to 192.168.150.111. I set up a laptop with the IP 192.168.150.113 and plugged it into Vlan150 on port 1/g19. I cannot ping between 192.168.150.113 and 192.168.150.2. The traffic is not going through Vlan150 in the switch.

    What am I missing? This is my first time setting up a VLAN on these switches. Help, please.

    Config

    console#show running-config

    !Current Configuration:
    !System Description "PowerConnect 6224, 3.3.8.2, VxWorks 6.5"
    !System Software Version 3.3.8.2
    !Cut-through mode is configured as disabled
    !
    configure
    vlan database
    vlan 150
    vlan routing 150 1
    vlan association subnet 192.168.150.0 255.255.255.0 150
    exit
    stack
    member 1 1
    exit
    ip address 192.168.1.111 255.255.255.0
    ip default-gateway 192.168.1.2
    ip routing
    interface vlan 150
    name "VLAN150"
    routing
    ip address 192.168.150.111 255.255.255.0
    exit
    username "admin" password 00436d6ae2ed27bbe87fa24b73b5a249 level 15 encrypted
    aaa authentication login "defaultList" line
    aaa authentication enable "enableList" line
    line console
    password 00436d6ae2ed27bbe87fa24b73b5a249 encrypted
    exit
    line telnet
    login authentication defaultList
    password 00436d6ae2ed27bbe87fa24b73b5a249 encrypted
    exit
    line ssh
    login authentication defaultList
    password 00436d6ae2ed27bbe87fa24b73b5a249 encrypted
    exit
    !
    interface ethernet 1/g1
    switchport mode general
    exit
    !
    interface ethernet 1/g2
    switchport mode general
    exit
    !
    interface ethernet 1/g3
    switchport mode general
    exit
    !
    interface ethernet 1/g4
    switchport mode general
    exit
    !
    interface ethernet 1/g5
    switchport mode general
    exit
    !
    interface ethernet 1/g6
    switchport mode general
    exit
    !
    interface ethernet 1/g7
    switchport mode general
    exit
    !
    interface ethernet 1/g8
    switchport mode general
    exit
    !
    interface ethernet 1/g9
    switchport mode general
    exit
    !
    interface ethernet 1/g10
    switchport mode general
    exit
    !
    interface ethernet 1/g11
    switchport mode general
    exit
    !
    interface ethernet 1/g12
    switchport mode general
    exit
    !
    interface ethernet 1/g13
    switchport mode general
    switchport general allowed vlan add 150
    switchport general allowed vlan remove 1
    exit
    !
    interface ethernet 1/g14
    switchport mode general
    switchport general allowed vlan add 150
    switchport general allowed vlan remove 1
    exit
    !
    interface ethernet 1/g15
    switchport mode general
    switchport general allowed vlan add 150
    switchport general allowed vlan remove 1
    exit
    !
    interface ethernet 1/g16
    switchport mode general
    switchport general allowed vlan add 150
    switchport general allowed vlan remove 1
    exit
    !
    interface ethernet 1/g17
    switchport mode general
    switchport general allowed vlan add 150
    switchport general allowed vlan remove 1
    exit
    !
    interface ethernet 1/g18
    switchport mode general
    switchport general allowed vlan add 150
    switchport general allowed vlan remove 1
    exit
    !
    interface ethernet 1/g19
    switchport mode general
    switchport general allowed vlan add 150
    switchport general allowed vlan remove 1
    exit
    !
    interface ethernet 1/g20
    switchport mode general
    switchport general allowed vlan add 150
    switchport general allowed vlan remove 1
    exit
    !
    interface ethernet 1/g21
    switchport mode general
    switchport general allowed vlan add 150
    switchport general allowed vlan remove 1
    exit
    !
    interface ethernet 1/g22
    switchport mode general
    switchport general allowed vlan add 150
    switchport general allowed vlan remove 1
    exit
    !
    interface ethernet 1/g23
    switchport mode general
    switchport general allowed vlan add 150
    switchport general allowed vlan remove 1
    exit
    !
    interface ethernet 1/g24
    switchport mode general
    switchport general allowed vlan add 150
    switchport general allowed vlan remove 1
    exit
    enable password 00436d6ae2ed27bbe87fa24b73b5a249 encrypted
    exit

    Hello

    The laptop is probably sending untagged packets, so you need to change the PVID on the interface so that untagged packets are assigned to VLAN 150:

    switchport general pvid 150

    FTP://FTP.Dell.com/manuals/all-products/esuprt_ser_stor_net/esuprt_powerconnect/PowerConnect-6248_Reference%20Guide_en-us.PDF page 600

  • Password required but none set (ssh)

    Hello

    I'm stumped... I have several 3750-X switches (IOS 15.0(2)SE4) configured for authentication with NPS (RADIUS). When I ssh into these switches, I can authenticate via RADIUS successfully. However, when I type enable, I get this message: "password required, but none set... password: __________". It then accepts my enable password without problem.

    I have 3750G switches and do not encounter this message when typing in my enable password.

    I'm trying to understand what generates this message. This is my setup for aaa login and line vty:

    service password-encryption
    aaa new-model
    aaa authentication login default group radius local-case
    aaa authorization exec default group radius if-authenticated
    aaa session-id common
    username admin1 privilege 0 password [email protected]   ! username and password changed
    enable secret 5 *
    line vty 0 4
     session-timeout 10
     logging synchronous
     transport preferred none
     transport input ssh
     transport output none

    Thank you

    Bedside

    Bedside

    It is a bit of strange behavior. I suspect it has something to do with the IOS 15.0 changes.

    I think part of the problem is that you have not provided any aaa authentication command for access to enable mode. Do you want to control access to enable mode through RADIUS, similar to what you do for user mode? Or do you just want to use the enable password? I think if you put that in the configuration it might solve this problem. It might look like this if you want to use radius:

    aaa authentication enable default group radius enable

    or it might look like this if you want just the enable password:

    aaa authentication enable default enable

    Give one of them a try and tell us if it helps.

    HTH

    Rick

  • Cannot establish connection/local authorization on 6500's

    I have a need to allow a small group of level-15 users temporary access to several 6500 switches (running 12.2(33)SXJ2 code), but do not want to provide the enable secret password that is used on the rest of the network (over 1200 devices). I tried to eliminate AAA using the command "no aaa new-model", but I was told that I could not remove aaa while there are active sessions, and 'login local' no longer appeared as an option for the vty lines. So, I created a local user database, called 'support', that I used to replace the 'group' entry in the authentication and authorization sections of our AAA config and in the login on vty 0 4.

    [The username is given a privilege level of 15 with an individual password for authentication. (e.g. username jsmith privilege 15 password 0 xxxxx)]

    I changed our AAA configuration to support the local login, but could not get into "enable mode" (i.e. the # prompt) with any account. I can log on locally, but only to normal "user mode" (i.e. the > prompt).

    Here is the current, modified, and sanitized config for our AAA sections and line vty 0 4. Please tell me what needs to stay, and what should go. Thank you!

    P.S.: for security reasons, we want to track individual activity, so the AAA accounting part needs to stay.

    aaa new-model
    aaa group server tacacs+ XXXXXX
     server xxx.xxx.xxx.xxx
     server xxx.xxx.xxx.xxx
    !
    aaa authentication login default group XXXXXX enable
    aaa authentication enable default enable
    aaa authorization exec default group XXXXXX none
    aaa authorization commands 15 default if-authenticated
    aaa authorization network default group XXXXXX none
    aaa authorization network MLPPP-PPP none
    aaa authorization network MLPPP none
    aaa accounting exec default start-stop group XXXXXX
    aaa accounting commands 15 default start-stop group XXXXXX
    aaa accounting network default start-stop group XXXXXX
    aaa accounting connection default start-stop group XXXXXX
    aaa accounting system default start-stop group XXXXXX
    !
    line vty 0 4
     access-class 75
     exec-timeout 15 0
     privilege level 0
     password 7 xxxxxxxxxxxxxxxxxxx
     transport input ssh

    I'll probably need more information before I can provide more help, but from what I see in the snippet, you have configured aaa and your AAA server is a TACACS+ server. If this is the case you should keep in mind the following:

    1. If the authentication/authorization commands refer to the TACACS+ group then you will need to add 'local' at the end of the command. This will allow local accounts to be used when the AAA server is down/unavailable.

    2. Keep in mind that local users will ONLY be used when the AAA server is down/unavailable. You cannot have a mixture of the two.

    Question: since you have a TACACS+ server, why don't you just create temporary accounts directly on the TACACS+ server instead of local accounts? You can get very granular that way and disallow some commands on some devices, during certain times of day, etc...

    I hope this helps and thank you for the rating!

  • ACS 4.2 command authorization

    Hello world

    This is my first post, and I'm not quite sure if this is the right place, so here goes.

    I have several Cisco devices and I want my staff to have limited access in which they are allowed only specific commands. So I put in place an ACS 4.2 with the user accounts authenticated against Active Directory.

    I'm done with the authentication part and it works perfectly (I guess). I created three user groups to which I attached command authorization sets:

    Shell command authorization sets

    GROUP-80

    Permit commands (the rest are denied):

    show *
    enable *
    configure *
    end *
    exit *

    GROUP-90

    Deny commands:

    clear configuration *
    username *
    no username *
    tacacs-server *
    no tacacs-server *
    aaa *
    no aaa *
    line *
    no line *

    GROUP-100

    Permit all

    The IOS configuration:

    aaa new-model
    aaa authentication login default local
    aaa authentication login alors1 group tacacs+ local
    aaa authorization exec THOR1 group tacacs+ local
    aaa session-id common
    tacacs-server host 172.16.8.115 single-connection
    tacacs-server host 172.16.8.112 single-connection
    tacacs-server key 7 0300520C0F1B204F4F0A0A54
    line vty 0 4
     access-class 50
     privilege level 15
     authorization exec THOR1
     login authentication alors1
     transport input ssh

    Use this command on your router/switch:

    aaa authorization config-commands

    http://www.Cisco.com/en/us/docs/iOS/12_0/Security/command/reference/srau...

    Sent from the Cisco Technical Support iPad App

  • Cisco 876: phase 2 SA policy is not acceptable!

    Hello!

    I want to set up a VPN tunnel from the Cisco VPN Client, over the internet and through a Fritzbox, to a Cisco 876 (Version 15.1(4)M3), so that the VPN tunnel terminates on the Cisco 876.

    For this reason I used the command "crypto map mymap" on int fastethernet 1. When I try to connect, the VPN Client opens the username and password prompt but then stops with the message "not connected". With "debug crypto isakmp" the Cisco 876 displays the message:

    "phase 2 policy is not acceptable."

    Here is the output of "show run":

    show run

    Building configuration...

    Current configuration : 1993 bytes
    !
    version 15.1
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Fernwartung
    !
    boot-start-marker
    boot-end-marker
    !
    !
    enable password xxxx
    !
    aaa new-model
    !
    !
    aaa authentication login AutClient local
    aaa authentication login yyyyyyy line
    aaa authorization network groupauthor local
    !
    !
    !
    !
    !
    aaa session-id common
    crypto pki token default removal timeout 0
    !
    !
    dot11 syslog
    ip source-route
    !
    !
    !
    ip cef
    !
    !
    !
    !
    vtp mode transparent
    username yyyyyyy-group password 0 zzzzzzz
    !
    !
    vlan 101
    !
    !
    !
    !
    crypto isakmp policy 10
     encr 3des
     authentication pre-share
     group 2
    !
    crypto isakmp client configuration group yyyyyyy
     key zzzzzzz
     pool ippool
    crypto isakmp profile VPNclient
       match identity group yyyyyyy
       client authentication list AutClient
       isakmp authorization list groupauthor
       client configuration address respond
    !
    !
    crypto ipsec transform-set RIGHT esp-3des esp-sha-hmac
    !
    crypto dynamic-map dynmap 5
     set transform-set RIGHT
     set isakmp-profile VPNclient
    !
    !
    crypto map mymap 10 ipsec-isakmp dynamic dynmap
    !
    !
    !
    !
    interface BRI0
     no ip address
     encapsulation hdlc
     shutdown
    !
    interface ATM0
     no ip address
     shutdown
     no atm ilmi-keepalive
    !
    interface FastEthernet0
     no ip address
    !
    interface FastEthernet1
     switchport access vlan 101
     no ip address
     crypto map mymap
    !
    interface FastEthernet2
     no ip address
    !
    interface FastEthernet3
     no ip address
    !
    interface Vlan1
     ip address
     ip access-group 103 in
    !
    interface Vlan101
     ip address
    !
    ip local pool ippool
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    !
    ip route 0.0.0.0 0.0.0.0
    !
    access-list 103 permit ip host host log
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    line con 0
     password xxxxxxx
     login authentication yyyyyyy
     no modem enable
    line aux 0
    line vty 0 4
     transport input all
    !
    end

    Any help would be appreciated. Thank you very much for your help!

    The crypto map must be applied to the VLAN interface, not the physical interface.

    You must apply the crypto map on Vlan101.

  • java.lang.Exception: ORA-01017: invalid username/password; logon denied - wait_bottlenecks

    Hello

    I have been using OEM for database monitoring. Recently, I've been seeing this error on screen:

    java.lang.Exception: ORA-01017: invalid username/password; logon denied - wait_bottlenecks

    So I reset the password with the same value to reopen. I still get this error.

    When I try to sign in with the same password in sqlplus, I get the same error also.

    SQL> alter user DBSNMP identified by values '-';

    User altered.

    SQL> connect DBSNMP
    ERROR:
    ORA-01017: invalid username/password; logon denied


    I don't know why I'm not able to log in with the same password I used in the alter statement.


    Thanks for the help in advance.

    Look at your syntax.

    When you say 'identified by values' you are telling Oracle 'this is not the password, but it is the salted and hashed password'.

    Do not use 'values'.

    Technically, '-' is not a valid password, so I'll use a valid one to demonstrate:

    In 12.1.0.2, it will not allow you to use '-' because this isn't a valid hash value, so I can't prove that it works, but you get the idea:

    SQL> grant create session to foo;                     
    
    Grant succeeded.                                     
    
    SQL> conn foo/aaa$
    Connected.
    SQL> conn / as sysdba
    Connected.
    SQL> drop user foo cascade;                           
    
    User dropped.                                         
    
    SQL> create user foo identified by values 'aaa$';
    create user foo identified by values 'aaa$'
    *
    ERROR at line 1:
    ORA-02153: invalid VALUES password string             
    
    SQL> create user foo identified by aaa$;             
    
    User created.                                         
    
    SQL> alter user foo identified by values 'aaa$';
    alter user foo identified by values 'aaa$'
    *
    ERROR at line 1:
    ORA-02153: invalid VALUES password string             
    
    SQL> alter user foo identified by values '---';
    alter user foo identified by values '---'
    *
    ERROR at line 1:
    ORA-02153: invalid VALUES password string
    
  • AAA issue - line con 0 = login authentication (password)

    Good afternoon everyone,

    A simple one for someone, I am sure... I only have remote access to the network kit and therefore cannot test console access.

    I have a switch with the following configuration (excerpt)

    !
    username Admin password Password123
    !
    aaa new-model
    aaa authentication login default group tacacs+ local
    !
    line con 0
     login authentication cisco   (where cisco is representative of a password)

    NOTE: I do not have "username cisco password Admin" in the global config

    My question is: with this current config, will console access stop using the default TACACS+ configuration for authentication and refuse access on the console line unless the cisco password is specified? In that case, as the password is not defined globally, would access be denied?

    I've seen it before where you have exactly the same setup, but instead of referring to a password value on the console line, you specify a named list. For example, login authentication CONSOLE_USERS, which would make sense, because you would be referring to a group on the TACACS+ server named CONSOLE_USERS and only users defined in this group could access through the console, while the ACS server is running!

    Any assistance appreciated as I really want to get my head around ACS completely

    Thanks in advance

    David

    Yes, David, you can safely delete this "login authentication cisco" line under line con 0.

    About a TACACS+ server, take a look at:

    http://www.shrubbery.NET/tac_plus/

    For a RADIUS server, I recommend freeradius for these tests.

    (they have much less capability than Cisco ACS, but they allow easy testing of the basic functions)

    ---

    Michal

  • AAA authentication not working with a named method list and the 'default' list

    Guys,

    I hope someone can help me here with an AAA problem. I copied the configuration and debugs below. The router keeps using the local username/password even though the ACS servers are reachable and functional. From the debugs, it seems it keeps using the method list 'default', ignoring the TACACS+ config. Any help will be appreciated.

    Config

    **********************************

    aaa new-model
    !
    username admin privilege 15 secret 5 xxxxxxxxxx
    !
    aaa authentication login default group tacacs+ local
    aaa authentication enable default group tacacs+ enable
    aaa authorization console
    aaa authorization exec default group tacacs+ local
    aaa authorization commands 15 default group tacacs+ local
    aaa authorization reverse-access default group tacacs+ local
    aaa accounting commands 0 default stop-only group tacacs+
    aaa accounting commands 15 default start-stop group tacacs+
    aaa accounting connection default start-stop group tacacs+
    !
    aaa session-id common
    !
    tacacs-server host x.x.x.x
    tacacs-server host x.x.x.x
    tacacs-server host x.x.x.x
    tacacs-server host x.x.x.x
    tacacs-server directed-request
    tacacs-server key 7 0006140E54xxxxxxxxxx
    !
    ip tacacs source-interface Vlan200

    ***************************

    Debugs

    002344: Dec  5 01:36:03.087 ICT: AAA/BIND(00000022): Bind i/f
    002345: Dec  5 01:36:03.087 ICT: AAA/AUTHEN/LOGIN (00000022): Pick method list 'default'
    002346: Dec  5 01:36:11.080 ICT: AAA/AUTHEN/LOGIN (00000022): Pick method list 'default'
    core01#
    002347: Dec  5 01:36:59.404 ICT: AAA: parse name=tty0 idb type=-1 tty=-1
    002348: Dec  5 01:36:59.404 ICT: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0
    002349: Dec  5 01:36:59.404 ICT: AAA/MEMORY: create_user (0x6526934) user='admin' ruser='core01' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=NONE priv=15 initial_task_id='0', vrf= (id=0)
    002350: Dec  5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): Port='tty0' list='' service=CMD
    002351: Dec  5 01:36:59.404 ICT: AAA/AUTHOR/CMD: tty0 (2162495688) user='admin'
    002352: Dec  5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): send AV service=shell
    002353: Dec  5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): send AV cmd=configure
    002354: Dec  5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): send AV cmd-arg=terminal
    002355: Dec  5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): send AV cmd-arg=<cr>
    002356: Dec  5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): found list 'default'
    002357: Dec  5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): Method=tacacs+ (tacacs+)
    002358: Dec  5 01:36:59.404 ICT: AAA/AUTHOR/TAC+: (2162495688): user=admin
    002359: Dec  5 01:36:59.404 ICT: AAA/AUTHOR/TAC+: (2162495688): send AV service=shell
    002360: Dec  5 01:36:59.404 ICT: AAA/AUTHOR/TAC+: (2162495688): send AV cmd=configure
    002361: Dec  5 01:36:59.404 ICT: AAA/AUTHOR/TAC+: (2162495688): send AV cmd-arg=terminal
    002362: Dec  5 01:36:59.404 ICT: AAA/AUTHOR/TAC+: (2162495688): send AV cmd-arg=<cr>
    Enter configuration commands, one per line.  End with CNTL/Z.
    core01(config)#
    002363: Dec  5 01:37:04.261 ICT: AAA/AUTHOR (2162495688): Post authorization status = ERROR
    002364: Dec  5 01:37:04.261 ICT: tty0 AAA/AUTHOR/CMD (2162495688): Method=LOCAL
    002365: Dec  5 01:37:04.261 ICT: AAA/AUTHOR (2162495688): Post authorization status = PASS_ADD
    002366: Dec  5 01:37:04.261 ICT: AAA/MEMORY: free_user (0x6526934) user='admin' ruser='core01' port='tty0' rem_addr='async' authen_type=ASCII service=NONE priv=15
    core01(config)#

    Are the TACACS+ servers reachable using source VLAN 200? Also, on the TACACS+ server, can you check whether the IP address for this device is configured correctly, and please also check that the pwd on the server matches the one on this device.

    As Rick suggested, 'sh tacacs' would be good as well; that would show the failures and the successes.

    HTH

    Kishore
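    To read the fallback out of a debug capture like the one above without walking every line by hand, here is an added Python helper (not code from the thread or from Cisco) that pairs each session's "Post authorization status = ERROR" with the method that took over next and flags a wait close to the default 5 s tacacs-server timeout; the log lines it parses are a constructed copy of the ones posted above.

```python
import re
from datetime import datetime

# Constructed sample: the "debug aaa authorization" lines posted in the thread above.
DEBUG_LINES = """\
002356: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): found list 'default'
002357: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): Method=tacacs+ (tacacs+)
002358: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC+: (2162495688): user=admin
core01(config)#
002363: Dec 5 01:37:04.261 ICT: AAA/AUTHOR (2162495688): Post authorization status = ERROR
002364: Dec 5 01:37:04.261 ICT: tty0 AAA/AUTHOR/CMD (2162495688): Method=LOCAL
002365: Dec 5 01:37:04.261 ICT: AAA/AUTHOR (2162495688): Post authorization status = PASS_ADD
"""
# IOS line: "<seq>: <Mon> <d> <HH:MM:SS.mmm> <TZ>: <body containing (session-id)>"
LINE_RE = re.compile(r"^\d+: (?P<mon>[A-Z][a-z]{2}) +(?P<day>\d+) (?P<time>[\d:]+\.\d+) \w+: "
                     r"(?P<body>.*\((?P<sid>\d+)\).*)$")
METHOD_RE = re.compile(r"Method=(?P<method>\S+)")
STATUS_RE = re.compile(r"Post authorization status = (?P<status>\w+)")
TACACS_TIMEOUT_S = 5.0  # IOS default for 'tacacs-server timeout'


def parse(text):
    """Yield (session_id, timestamp, body) per AAA debug line; prompts are skipped."""
    for raw in text.splitlines():
        if m := LINE_RE.match(raw.strip()):
            ts = datetime.strptime(f"{m['mon']} {m['day']} {m['time']}", "%b %d %H:%M:%S.%f")
            yield m["sid"], ts, m["body"]


def find_fallbacks(text):
    """One record per session in which a method returned ERROR and a later method answered."""
    state, results = {}, []
    for sid, ts, body in parse(text):
        s = state.setdefault(sid, {"method": None, "since": None, "failed": None})
        if m := METHOD_RE.search(body):            # a (new) method took over the request
            s["method"], s["since"] = m["method"], ts
        elif m := STATUS_RE.search(body):
            if m["status"] == "ERROR" and s["method"]:   # the server never gave a verdict
                s["failed"] = {"method": s["method"], "waited_s": (ts - s["since"]).total_seconds()}
            elif s["failed"] and s["method"] != s["failed"]["method"]:
                waited = s["failed"]["waited_s"]
                results.append({"session": sid, "failed_method": s["failed"]["method"],
                                "fallback_method": s["method"], "final_status": m["status"],
                                "waited_s": waited,
                                # a wait near the server timeout means the server never answered
                                # (reachability, source interface), not that the method list is wrong
                                "looks_like_timeout": waited >= 0.9 * TACACS_TIMEOUT_S})
                s["failed"] = None
    return results
```

    On the posted capture this reports one session that waited 4.857 s on tacacs+ before LOCAL answered with PASS_ADD, which is the timeout signature rather than a method-list problem.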

  • AAA with Catalyst 2950 switch

    I have Cisco ACS 4.2 on Windows 2003. Authentication works fine for various Cisco devices such as routers, VPN concentrators, etc.

    Today I added a 48-port L2 switch as an AAA client, and authentication works fine. However, I see several failed login attempts from this L2 switch with the user 'C'.

    Message-Type: Authen failed
    Caller-ID: async
    Authen-Failure-Code: External DB user invalid or bad password
    NAS-Port: tty0

    What is causing these failed logins?

    If the switch console port that is generating the spurious login errors is connected to a device that provides remote access to the console port, then it is likely that output from that device is causing the false login attempts.

    If that device is an IOS router with a bunch of async ports, add "no exec" to the line connected to the switch console port.

  • Scan of a file only works on the first line

    Hello

    I'm new to LabVIEW (version 8.6) and I'm running into this problem.

    I use Scan From File to read some information from the setup file test.txt.  The data in the file looks like this:

    AAA 1

    BBB 2

    REC 3

    I noticed that Scan From File only works for the first line.  Trying to get data that is not on the first line results in error 85.

    Any ideas? Thank you.

    It's all in what Scan From File reads, and what the next character in the file is.

    Your first Scan From File reads up to but NOT including the first newline in the file.

    The second read starts where the first read stopped and expects to see 'B' as the next character, but sees the newline instead, so the scan fails. You need to tell the second read's format to expect the line return.

    You can do this by making the FIRST character of the format string a space, which tells it to expect any number of 'white space' characters.

    You can in fact put a space at the beginning of the format string in your first Scan From File as well, and it will match zero white space characters before it sees the AAA. Doing this also lets it tolerate spaces and tabs before your AAA or BBB identifiers.

    Rod.
