AAA on Async lines
Hello
We have async lines between 2 sites in the flow of the type SCADA information
When we applied Ganymede AAA to routers, which was no problem until the lines are reset to zero so I guess that as EXEC sets up the connection it fails as no AAA authentication.
Due to criticallity of information I got AAA offshore of routers for now, but looking for a long-term solution.
I can config lines to locally authenticate using name of user/local password or even for these partcicular lines do not authenticate. ?
Any help appreciated
I had a situation that was somehow similar to yours. Maybe the solution I found might work for your situation. I got async lines I want to authenticate to a server group that was different from what telnet/SSH authentication used. I configured the aaa authentication default to use what I wanted on asynchronous lines. In your case, it can specify a local connection to use the local ID and password, or perhaps you can specify none as the authentication method. Then I've specified a method named authentication using the other server group and named on the vty lines authentication method.
HTH
Rick
Tags: Cisco Security
Similar Questions
-
Disable authentication for reverse Telnet over Async lines
I have a 2811 which behaves as a server terminal server with several line async being used to access the console. Whenever I open a telnet reversed on one lines always make me touching up for my credentials. Is there a way to eliminate the requirement of authentication, but only on the async for telnet lines reversed? I can disable in the world (which is not good) and I tried to enter "no authentication connection" under the respective lines async - but still, I wonder. Any thoughts? My current global and line config:
AAA new-model
AAA authentication login default local-case
authorization AAA console
AAA authorization exec default local
!line 1/0 1 / 15
session-timeout 30
exec-timeout 30 0
No exec
transport telnet entryI have not tried, but try something like below (which requires the aaa new-model):
aaa authentication login no-auth noneline 1/0 1/15 login authentication no-auth
-
Excluding the lines of Terminal Server in the AAA authentication
Hi all
Hope you can help, I'm trying to find a solution to exclude only the following line port by using the AAA authentication (ACS GANYMEDE +) on a map of Terminal Server on a Cisco 2600 router. Does anyone know how to do this, or point me in the right direction to solve?
I've included the output below:
AAA authentication login default group Ganymede + local
AAA authorization exec default group Ganymede + local
AAA accounting exec default start-stop Ganymede group.
AAA accounting network default start-stop Ganymede group.
AAA accounting default connection group power Ganymede
AAA accounting system default start-stop Ganymede group.
AAA - the id of the joint sessionline 41
session-timeout 20
decoder location - XXXXXX XXXXXX BT
No banner motd
No exec-banner
absolute-timeout 240
Modem InOut
No exec
transport of entry all
StopBits 1
Speed 38400Is it a question of disabling the command line or using a defined group?
Thanks a lot for your help.
Jim.
Hi Jim
You may need to create another group for authentication to the and send your AAA configuration
line to 0
connection of authentication aux_auth
AAA authentication login aux_auth line
You can also configure a username local/pw and map it on the group to here...
Console and telnet would still use the configured default group, or you can specify specific groups:
Line con 0
console login authentication
line 4 vty0
vty authentication login
and specify the aaa authentication settings individually...
I hope this helps... all the best
REDA
-
No aaa new-model in the config
Hi all.
First Cisco router and first post so please be gentle.
I did a search on it and I get the same as in the post that see the deliverance
Router (config) aaa new-model #no
IOS 12.4 (24)
I erased the router and when I got it.
I had configuration, a little as I wanted as a reference point.
I saved.
I then started to work on the wireless part of the walk through is because:
Router (config) #aaa new-model
Router (config) #.
So, I went back and tried to erase this line in the config file.
Yes, I did:
Router (config) aaa new-model #no
Router (config) #exit
router #wr
See the router # running
I continue to see the no aaa new-model line in the config.
So I erased the whole thing to help:
router #write clear
and
router #reload
said no to save and then default to the last question.
All recharged and it seemed to be back as before, but then exits show run this OK not how long I erase and reload:
Router > en
Router #show run
Building configuration...Current configuration: 1331 bytes
!
version 12.4
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
router host name
!
boot-start-marker
boot-end-marker
!
forest-meter operation of syslog messages
!
No aaa new-model
!
!
dot11 syslog
IP source-route
!
!
!
!
IP cef
No ipv6 cef
!
Authenticated MultiLink bundle-name Panel
!
!
!
!
!
!
Archives
The config log
hidekeys
!
!
!
!
!
interface Dot11Radio0
no ip address
Shutdown
base speed - 1.0 2.0 basic basic-5, 5 6.0 9.0 basic-11, 0 12.0 18.0 24.0 36.0 48.0 54.0
root of station-role
!
interface Dot11Radio1
no ip address
Shutdown
Speed - Basic6.0 9.0 basic - 12.0 18.0 basic-24, 0-36.0 48.0 54.0
-More-
* 23:40:09.207 Jan 16: % LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, modified root of station-s role
!
interface FastEthernet0
no ip address
Shutdown
automatic duplex
automatic speed
!
interface FastEthernet1
no ip address
Shutdown
automatic duplex
automatic speed
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
FastEthernet6 interface
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
no ip address
!
interface Async1
no ip address
encapsulation sheet
!
IP forward-Protocol ND
no ip address of the http server
no ip http secure server
!
!
!
!
!
!
!
!
!
control plan
!
!
Line con 0
line 1
Modem InOut
StopBits 1
Speed 115200
FlowControl hardware
line to 0
line vty 0 4
opening of session
!
endIs there a way to remove that line from the config, or it is stuck and if stuck is there any effect of him?
Thank you very much
Maurice
Hello Maurice.
Just to confirm: you want the 'no aaa new-model' command to be removed from your config? If so, this is the default when AAA is disabled on the device. If you want to enable AAA, then just run the same command without the 'no '.
aaa new-model
Then save your config:
write mem
For more information about this and other controls, you can reference 'Command search tool' Cisco
https://Tools.Cisco.com/support/CLILookup/cltSearchAction.do
I hope this helps!
Thank you for evaluating useful messages!
-
Control access to the network with ACS device
Hi all!
I currently have in place an Appliance, Cisco Secure ACS using Windows as main server authentication. Cisco Secure acts as a GANYMEDE server +. I have two groups defined in Cisco Secure: Netadmins and security ITD. Users of the Netadmins group need access to all switches and routers on the network. ITD security must only access async line 53 on a router 2611 for a band of a firewall and no other access to all network devices offline. How can I limit access to the Cisco Secure security ITD group to line 53 only?
My current config on this router is:
AAA new-model
AAA authentication login netadmins group Ganymede + line
connection ITDSEC authentication group Ganymede + line of AAA.
RADIUS-server host 10.30.X.X
RADIUS-server host 10.18.X.X
key radius-server XXXXXXX
line 53
No exec
authentication of the connection ITDSEC
transport of entry all
StopBits 1
Speed 115200
line vty 0 4
exec-timeout 30 0
login timeout 120 response
login authentication netadmins
but users in the ITD security can still access by vty and then reverse telnet to any asynchronous line on the router. In addition, security ITD always access any switch or router using telnet: what should be my setup on these devices? I do an ACS configuration?
All other devices:
AAA new-model
AAA authentication login netadmins group Ganymede + line
RADIUS-server host 10.30.X.X
RADIUS-server host 10.18.X.X
key radius-server XXXXXXX
Line con 0
password 7 141C015C5806
login authentication netadmins
line vty 0 4
password 7 11020A 524310
login authentication netadmins
line vty 5 15
password 7 11020A 524310
login authentication netadmins
Any help will be greatly appreciated.
Hello
In the security group, I would create a Restriction of access to IP network with an entry permit. Essentially to allow access to the single port on 2611 only.
The AAA Client field is the name that you gave to the 2611 in the network config. Address will be * unless you want to restrict access to the ip or address. Port... never quite sure with async if the port value must be "async 53" or "line 53".
If you look in the pass/fail for the nas-port attribute, you'll see what that T + sends to the ACS. This should help you know what to put in the NAR.
Mounira
-
VLAN routing when you use a dell computer 6224
Hello
I have a dell switch 6224 with 2 VLANS.
Management-192.168.1.111/24 Ports 1/g1-1 / g12
Vlan150-192.168.150.111/24 Ports 1/g13-1 / g24
I have two ports on the router with the ip address to communicate with the switch (192.168.1.2 and 192.168.150.2). Vlan1 works very well without any problems. I can ping from 192.168.150.2 to 192.168.150.111. I set up the laptop with the ip 192.168.150.113 and plugged in the Vlan150 on port 1/g19. I can not ping to 192.168.150.113 192.168.150.2. The traffic is not going through the Vlan150 in the switch.
What Miss me? This is my first time setting up a VLAN on these switches. Help, please.
Config
console #show running-config
! Current configuration:
! Description of the system "PowerConnect 6224, 3.3.8.2, VxWorks 6.5.
! 3.3.8.2 system software version
! Passage mode is configured as disabled
!
Configure
database of VLAN
VLAN 150
VLAN 150 1 routing
subnet of VLAN association 192.168.150.0 255.255.255.0 150
output
battery
1 1 member
output
192.168.1.111 IP address 255.255.255.0
by default-gateway IP 192.168.1.2
IP routing
interface vlan 150
name "VLAN150".
Routing
IP 192.168.150.111 255.255.255.0
output
level of 00436d6ae2ed27bbe87fa24b73b5a249 user name 'admin' password encrypted 15
line of AAA authentication login "defaultList".
the AAA authentication enable line 'enableList '.
line console
00436d6ae2ed27bbe87fa24b73b5a249 encrypted password
output
line telnet
connection of authentication defaultList
00436d6ae2ed27bbe87fa24b73b5a249 encrypted password
output
ssh line
connection of authentication defaultList
00436d6ae2ed27bbe87fa24b73b5a249 encrypted password
output
!
interface ethernet 1/g1
switchport mode general
output
!
interface ethernet 1/g2
switchport mode general
output
!
interface ethernet 1/g3
switchport mode general
output
!
interface ethernet 1/g4
switchport mode general
output
!
interface ethernet 1/g5
switchport mode general
output
!
interface ethernet 1/g6
switchport mode general
output
!
interface ethernet 1/g7
switchport mode general
output
!
interface ethernet 1/g8
switchport mode general
output
!
interface ethernet 1/g9
switchport mode general
output
!
interface ethernet 1/g10
switchport mode general
output
!
interface ethernet 1/g11
switchport mode general
output
!
interface ethernet 1/g12
switchport mode general
output
!
interface ethernet 1/g13
switchport mode general
VLAN allowed switchport General add 150
switchport vlan allowed General remove 1
output
!
interface ethernet 1/g14
switchport mode general
VLAN allowed switchport General add 150
switchport vlan allowed General remove 1
output
!
interface ethernet 1/g15
switchport mode general
VLAN allowed switchport General add 150
switchport vlan allowed General remove 1
output
!
interface ethernet 1/g16
switchport mode general
VLAN allowed switchport General add 150
switchport vlan allowed General remove 1
output
!
interface ethernet 1/g17
switchport mode general
VLAN allowed switchport General add 150
switchport vlan allowed General remove 1
output
!
interface ethernet 1/g18
switchport mode general
VLAN allowed switchport General add 150
switchport vlan allowed General remove 1
output
!
interface ethernet 1/g19
switchport mode general
VLAN allowed switchport General add 150
switchport vlan allowed General remove 1
output
!
interface ethernet 1/g20
switchport mode general
VLAN allowed switchport General add 150
switchport vlan allowed General remove 1
output
!
interface ethernet 1/g21
switchport mode general
VLAN allowed switchport General add 150
switchport vlan allowed General remove 1
output
!
interface ethernet 1/g22
switchport mode general
VLAN allowed switchport General add 150
switchport vlan allowed General remove 1
output
!
interface ethernet 1/g23
switchport mode general
VLAN allowed switchport General add 150
switchport vlan allowed General remove 1
output
!
interface ethernet 1/g24
switchport mode general
VLAN allowed switchport General add 150
switchport vlan allowed General remove 1
output
activate 00436d6ae2ed27bbe87fa24b73b5a249 encrypted password
output
Hello
The laptop is probably sending unmarked packages and so you need to change the PVID on the interface so that the unmarked packages are assigned to 150 of VLAN.
switchport General pvid 150
-
Password required but no defined (ssh)
Hello
I'm stumped... I have several 3750 switches x (IOS 15.0 (2) SE4) configured for authentication with NPS (RADIUS). When I ssh in these switches, I can authenticate via Radius successfully. However, when I type activate, I get this message: password required, but none set... password: __________. He will accept my password to enable problem-free.
I 3750 g switches and do not encounter this message when you type in my password to enable.
I'm trying to understand what generated this message. This is my setup for aaa loging and line vty:
encryption password service
AAA new-model
AAA authentication login default group RADIUS local-case
RADIUS group AAA authorization exec default authenticated if
AAA - the id of the joint session
password for admin1 privilege 0 [email protected]username / * / username //changed and password
enable secret 5 *.
line vty 0 4
session-timeout 10
Synchronous recording
preferred no transport
entry ssh transport
transport of output no
Thank you
Bedside
Bedside
It is a bit of a strange behavior. I suspect it has something to do with the IOS 15.0 changes.
I think part of the problem is that you have not provided any aaa commands of authentication for access to activate the mode. If you want to control access to activate the mode through RADIUS similar to what you do for the user mode? Or you just want to use the enable password. I think if you put that in the configuration that he could solve this problem. It might look like this if you want to use radius
AAA authentication enable default group enable RADIUS
or it might look like this if you want just the enable password
the AAA authentication enable default
One of them give it a try and tell us if it helps.
HTH
Rick
-
Cannot establish connection/local authorization on 6500's
I have a need to allow a small group of level-15 users temporary access to several 6500
switches (12.2 - 33 SXJ2 code execution), but do not want to provide the password secret enable that is used on the
the rest of the network (over 1200 devices). I tried to eliminate the AAA using the command "no aaa new-model", but I was told that I could not remove aaa while there are active sessions, and 'local connection' appeared more as an option for the vty lines. So, I created a database of local user, called the 'support' that I used to replace the entry 'group' in sections of the authentication and authorization of our AAA config and connection on vty 0 4.
[The username is given a privilege level of 15 with an individual password for authentication. (e.g. username privilege 15 password 0 xxxxx jsmith)]
I changed our AAA configuration to support the local login, but could not establish a "mode" (i.e. the prompt #) with any account. I have
can log on locally, but only to a normal "user mode" (i.e. > prompt).
Here is the config current, modified, and sanitized for our AAA sections and line vty 0 4. Please tell me what needs
for the stay, and what to go. Thank you!
P.S.: for reasons of security, we want to track individual activity, so need the accounting AAA part to stay.
AAA new-model
AAA server Ganymede group + XXXXXX
Server xxx.xxx.xxx.xxx
Server xxx.xxx.xxx.xxx
!
enable AAA authentication login default group XXXXXX
the AAA authentication enable default
default AAA authorization exec XXXXXX group no
AAA authorization commands 15 default authenticated if
AAA authorization network default group XXXXXX no
authorization AAA MLPPP-PPP network no
MLPPP AAA authorization network no
AAA accounting exec by default start-stop group XXXXXX
AAA accounting command 15 default start-stop group XXXXXX
AAA accounting network default start-stop group XXXXXX
AAA accounting connection by default start-stop group XXXXXX
AAA accounting system by default start-stop group XXXXXX
!
line vty 0 4
access-class 75
exec-timeout 15 0
privilege level 0
password 7 xxxxxxxxxxxxxxxxxxx
entry ssh transportI'll have to probably more information until I can provide more help but since I see in the snip-it, you have configured aaa and your AAA server is a GANYMEDE server +. If this is the case you should keep in mind the following:
1. If the authentication/authorization commands refer to the GANYMEDE group + then you will need to add a 'local' at the end of the command. This will allow local accounts to use when the AAA server is down/unavailable
2. keep in mind that local users will ONLY be used when the AAA server is down/unavailable. You cannot have a mixture of the two
Question, since you have a GANYMEDE server +, why don't you just create temporary accounts directly on the server GANYMEDE + accounts vs local? You can get very granular like that and don't allow some commands on some devices, during a certain time of day, etc...
I hope this helps and thank you for the rating!
-
4.2 authorization control ACS
Hello world
This is my first post. And I'm not quite sure if this is the right place so that's
I have several cisco devices and I want my nationalities have limited access in which they are allowed only to specific orders. So I put in place a 4.2 ACS in place with the user authenticated accounts against active directory.
IM done with the authentication part and its works perfectly (I guess). I create three user group where I attached a command authorization sets
Shell command authorization sets
GROUP-80
Allow orders (the rest are denied)
Show *.
activate *.
Configure *.
end *.
output *.
GROUP-90
Refuse orders
Clears the configuration *.
user name *.
no user name *.
RADIUS-server *.
no RADIUS server *.
AAA *.
No aaa *.
line *.
No line *.
GROUP-100
Allow all the
The IOS configuration
AAA new-model
AAA authentication login default local
AAA authentication login alors1 group Ganymede + local
AAA authorization exec THOR1 group Ganymede + local
AAA - the id of the joint session
AAA authentication login alors1 group Ganymede + local
AAA authorization exec THOR1 group Ganymede + local
RADIUS-server host 172.16.8.115 single-connection
RADIUS-server host 172.16.8.112 single-connection
RADIUS-server key 7 0300520C0F1B204F4F0A0A54
line vty 0 4
access-class 50
privilege level 15
exec authorization THOR1
connection alors1 authentication
entry ssh transport
Use this command on your router/switch
AAA authorization config-commands
http://www.Cisco.com/en/us/docs/iOS/12_0/Security/command/reference/srau...
Sent by Cisco Support technique iPad App
-
Cisco 876: political phase 2 SA is not acceptable!
Hello!
I want to configure a Cisco VPN Client vpn tunnel in the internet on a fritzbox to Cisco 876 (Version 15.1 (4) M3) so that the vpn tunnel is connected to the Cisco 876.
For this reason I used the command "map mymap crypto" fastethernet int 1. When I try to connect, the VPN Client opens the user name and password but then stops with the message "not connected". When I "debug crypto isakmp" Cisco 876 displays the message:
"phase 2 policy is not acceptable."
Here is the output of "show run":
See the race
Building configuration...
Current configuration: 1993 bytes
!
version 15.1
no service button
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
hostname Fernwartung
!
boot-start-marker
boot-end-marker
!
!
enable password xxxx
!
AAA new-model
!
!
AAA authentication login AutClient local
yyyyyyy AAA authentication login line
AAA authorization groupauthor LAN
!
!
!
!
!
AAA - the id of the joint session
Crypto pki token removal timeout default 0
!
!
dot11 syslog
IP source-route
!
!
!
IP cef
!
!
!
!
VTP transparent mode
username password yyyyyyy-group 0 zzzzzzz
!
!
VLAN 101
!
!
!
!
crypto ISAKMP policy 10
BA 3des
preshared authentication
Group 2
!
ISAKMP crypto client configuration group yyyyyyy
zzzzzzz key
pool ippool
Crypto isakmp VPNclient profile
yyyyyyy group identity match
client authentication list AutClient
ISAKMP authorization list groupauthor
client configuration address respond
!
!
Crypto ipsec transform-set esp-3des esp-sha-hmac RIGHT
!
Crypto-map dynamic dynmap 5
Set transform-set RIGHT
Define VPNclient isakmp-profile
!
!
map mymap 10-isakmp ipsec crypto dynamic dynmap
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
Shutdown
!
ATM0 interface
no ip address
Shutdown
No atm ilmi-keepalive
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
switchport access vlan 101
no ip address
crypto mymap map
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Vlan1
IP address
IP access-group 103 to
!
interface Vlan101
IP address
!
IP local pool ippool
IP forward-Protocol ND
no ip address of the http server
no ip http secure server
!
IP route 0.0.0.0 0.0.0.0
!
access-list 103 permit ip host
host Journal !
!
!
!
!
!
control plan
!
!
Line con 0
password xxxxxxx
login authentication yyyyyyy
no activation of the modem
line to 0
line vty 0 4
transport of entry all
!
end
Any help would be appreciated. Thank you very much for your help!
Crypto card must be applied to the interface VLAN, not the physical interface.
You must apply for a card encryption on Vlan101
-
Hello
I have been using OEM for the monitoring of the database. Recently, I've seen more error on screen
java.lang.Exception: ORA-01017: name of user and password invalid. connection refused - wait_bottlenecks
So I reset password with the same value to reopen. I still get this error.
When I try to sign in with the same password in sqlplus, I get same error also.
SQL > alter user DBSNMP identified by the values '-';
Modified user.
SQL > connect DBSNMP.
ERROR:
ORA-01017: name of user and password invalid. connection refused
I don't know why I'm not able to login with the same password I used to change the statement.
Thanks for the help in advance.
Let's not your syntax.
When you say 'identified by values' you tell Oracle 'this is not the password, but it is a salted and hashed password.
Do not use 'values '.
Technically,-is not a password valid, so I'll use it valid to demonstrate:
In 12.1.0.2, it will not allow you to use '-' because this isn't a valid hash value, so I can't prove that it works, but you get the idea
SQL> grant create session to foo; Grant succeeded. SQL> conn foo/aaa$ Connected. SQL> conn / as sysdba Connected. SQL> drop user foo cascade; User dropped. SQL> create user foo identified by values 'aaa$'; create user foo identified by values 'aaa$' * ERROR at line 1: ORA-02153: invalid VALUES password string SQL> create user foo identified by aaa$; User created. SQL> alter user foo identified by values 'aaa$'; alter user foo identified by values 'aaa$' * ERROR at line 1: ORA-02153: invalid VALUES password string SQL> alter user foo identified by values '---'; alter user foo identified by values '---' * ERROR at line 1: ORA-02153: invalid VALUES password string
-
Issue of AAA - Line Con 0 = login authentication (password)
Good afternoon everyone,
A simple nice for someone I am sure... I only of remote access to the network kit and therefore cannot test access to the Console.
I have a switch with the following configuration (excerpt)
!
Password username Admin Password123
!
AAA new-model
AAA authentication default login group Ganymede + local
!
Line con 0
Cisco connection authentication (where cisco is representative of a password)
NOTE: I have not username cisco password Admin in global config
My question is: with this current config access Console will stop using the configuration of default Ganymede for authentication and don't allow access to the line of the console if the cisco password is specified? In this case that the password is not defined in a global access, would be denied?
I've seen it before where you have exactly the same set up, but instead of referring to a value of password on the console line, you specify a list of names. For example, authentication of connection local CONSOLE_USERS, which would make sense, because you would be referring to a group on the Ganymede server named CONSOLE_USERS and only users defined in this group could access through the console, while the ACS server is running!
Any assistnace appreciated as I really want to get my head around ACS unconditionally
Thanks in advance
David
Yes, David, you can safetly delete this "authentication to connect cisco" line con 0.
About radius server take a look on:
http://www.shrubbery.NET/tac_plus/
On the radius server, I recommend freeradius for these tests.
(there much capacity of fever, then cisco ACS, but it can allow you easy test of the basic functions)
---
Michal
-
The AAA authentication not working method and 'by default' list
Guys,
I hope someone can help me here to the problem of the AAA. I copied the configuration and debugging below. The router keeps using username/password local name even if the ACS servers are accessible and functional. To debug, it seems he keeps using the method list 'default' ignoring GANYMEDE config. Any help will be appreciated
Config
**********************************
AAA new-model
!
username admin privilege 15 secret 5 xxxxxxxxxx.
!
AAA authentication login default group Ganymede + local
the AAA authentication enable default group Ganymede + activate
authorization AAA console
AAA authorization exec default group Ganymede + local
AAA authorization commands 15 default group Ganymede + local
AAA authorization default reverse-access group Ganymede + local
orders accounting AAA 0 arrhythmic default group Ganymede +.
orders accounting AAA 15 by default start-stop Ganymede group.
Default connection accounting AAA power Ganymede group.
!
AAA - the id of the joint session
!
RADIUS-server host x.x.x.x
RADIUS-server host x.x.x.x
RADIUS-server host x.x.x.x
RADIUS-server host x.x.x.x
RADIUS-server application made
RADIUS-server key 7 0006140E54xxxxxxxxxx
!
Ganymede IP interface-source Vlan200
***************************
Debugs
002344: 5 Dec 01:36:03.087 ICT: AAA/BIND (00000022): link i / f
002345: Dec 5 01:36:03.087 ICT: AAA/AUTHENTIC/LOGIN (00000022): choose method list "by default".
002346: Dec 5 01:36:11.080 ICT: AAA/AUTHENTIC/LOGIN (00000022): choose method list "by default".
core01 #.
002347: Dec 5 01:36:59.404 ICT: AAA: analyze name = tty0 BID type =-1 ATS = - 1
002348: Dec 5 01:36:59.404 ICT: AAA: name = tty0 flags = 0 x 11 type = 4 shelf = 0 = 0 = 0 = 0 = 0 channel port adapter slot
002349: Dec 5 01:36:59.404 ICT: AAA/MEMORY: create_user (0 x 6526934) user = "admin" ruser = "core01" ds0 = 0 port = "tty0" rem_addr = "async" authen_type = service ASCII = NONE priv = 15 initial_task_id = '0', vrf = (id = 0)
002350: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): Port = "tty0" list = "service = CMD
002351: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/CMD: tty0 (2162495688) user = "admin".
002352: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): send service AV = shell
002353: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): send cmd = AV set up
002354: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): send AV terminal = cmd - arg
002355: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): send cmd - arg = AV
002356: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): found the 'default' list
002357: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): method = Ganymede + (Ganymede +)
002358: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC +: (2162495688): user = admin
002359: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC +: (2162495688): send service AV = shell
002360: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC +: (2162495688): send cmd = AV set up
002361: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC +: (2162495688): send AV terminal = cmd - arg
002362: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC +: (2162495688): send cmd - arg = AV
Enter configuration commands, one per line. End with CNTL/Z.
core01 (config) #.
002363: Dec 5 01:37:04.261 ICT: AAA/AUTHOR (2162495688): permission post = ERROR
002364: Dec 5 01:37:04.261 ICT: tty0 AAA/AUTHOR/CMD (2162495688): method = LOCAL
002365: Dec 5 01:37:04.261 ICT: AAA/AUTHOR (2162495688): position of authorization = PASS_ADD
002366: Dec 5 01:37:04.261 ICT: AAA/MEMORY: free_user (0 x 6526934) user = "admin" ruser = "core01" port = "tty0" rem_addr = "async" authen_type = ASCII service = NONE priv = 15
core01 (config) #.
Ganymede + accessible servers use source vlan 200. Also in the Ganymede server + can you check if the IP address for this device is configured correctly and also please check the pwd on the server and the game of this device.
As rick suggested sh Ganymede would be good as well. That would show the failures and the successes
HTH
Kishore
-
I have a Cisco ACS 4.2 on Windows 2003. Authentication works very well for various cisco as the routers, VPN etc Hub devices
Today, I added a 48-Port L2 switch as a client of the AAA authentication works well. However, I see several connection attempts that have failed this L2 switch with the user 'C '.
Message Type: Authentic failed
Caller ID: async
Authentic-failure-Code: external DB invalid or wrong password user
NAS-Port: tty0
What is causing this connection failed?
If the port console switch generating errors of parasitic connection is connected to a device offering remote access to the console port, then it is likely that an output of this unit is causing the false connection attempt.
If this device is an IOS router with a bunch of asynchronous ports add "no exec" to the line connected to the switch console port.
-
Scan of a file only works on the first line
Hello
I'm new to Labview (see 8.6) and I'm running on this problem.
I use the Scan of a file to get a certain amount of information for the installation of test.txt. The data of the file looks like this:
AAA 1
BBB 2
REC 3
I noticed that the Scan of the file works for only the first line. Trying to get data that are not in the first line results in an error 85.
Any ideas? Thank you
It's all in what the scan of the file reads, and what is the next cgaracter in the file.
Your first analysis of the file reads up to but NOT including the first newline in the file.
The second read readings where the first reading was arrested and is expected to see 'B' as the next character, but sees the new line instead, and if the analysis fails. You must specify second reading formatted to await the return line.
You can do this by making the FIRST character of the format string space, that will tell it to expect a number any of charaters 'white space '.
Yo can indeed put a space at the beginning of the format string in your first analysis of the file and it will match with zero white space characters before you see the AAA. By doing this he also tolerate to see the spaces and tabs before your AAA or BBB identifiers.
Rod.
Maybe you are looking for
-
Can I use an I tunes card for the mini game on my I pad?
Can I use an I tunes card for the mini game on my I pad?
-
Timer &; events system process
I usually use a "smart" delay dealing with the events, but I wanted to use a thread separate to process system events. Wording of menchar here, I feel that using a timer, it is automatically in a different thread. Is this true?
-
How can I deletete MY search on the web
"My web search" does not appear when I discovered programsms installed on my hard drive.
-
Windows 7 sees not SATA optical drives
My engraver of CD/DVD Lite-On (model No.: iHAS324-98Y) managed to install Windows 7 Ultimate 64 bit on my new custom PC. A few days later, I installed ASUS BR - ROM (model No.: BC-08B81ST) and the two discs have been palying OK. A week later, I ins
-
can someone help me for localization?
Hello I tried the A12_localizing_v2.pdf. I created the file LocalDemo.rrh then the LocalDemo.rrc file created automatically. After that, I created two files LocalDemo_es.rrc and LocalDemo_fr.rrc then add the key to the file LocalDemo.rrh and value to