Excluding the lines of Terminal Server in the AAA authentication
Hi all
Hope you can help, I'm trying to find a solution to exclude only the following line port by using the AAA authentication (ACS GANYMEDE +) on a map of Terminal Server on a Cisco 2600 router. Does anyone know how to do this, or point me in the right direction to solve?
I've included the output below:
AAA authentication login default group Ganymede + local
AAA authorization exec default group Ganymede + local
AAA accounting exec default start-stop Ganymede group.
AAA accounting network default start-stop Ganymede group.
AAA accounting default connection group power Ganymede
AAA accounting system default start-stop Ganymede group.
AAA - the id of the joint session
line 41
session-timeout 20
decoder location - XXXXXX XXXXXX BT
No banner motd
No exec-banner
absolute-timeout 240
Modem InOut
No exec
transport of entry all
StopBits 1
Speed 38400
Is it a question of disabling the command line or using a defined group?
Thanks a lot for your help.
Jim.
Hi Jim
You may need to create another group for authentication to the and send your AAA configuration
line to 0
connection of authentication aux_auth
AAA authentication login aux_auth line
You can also configure a username local/pw and map it on the group to here...
Console and telnet would still use the configured default group, or you can specify specific groups:
Line con 0
console login authentication
line 4 vty0
vty authentication login
and specify the aaa authentication settings individually...
I hope this helps... all the best
REDA
Tags: Cisco Security
Similar Questions
-
The AAA authentication not working method and 'by default' list
Guys,
I hope someone can help me here to the problem of the AAA. I copied the configuration and debugging below. The router keeps using username/password local name even if the ACS servers are accessible and functional. To debug, it seems he keeps using the method list 'default' ignoring GANYMEDE config. Any help will be appreciated
Config
**********************************
AAA new-model
!
username admin privilege 15 secret 5 xxxxxxxxxx.
!
AAA authentication login default group Ganymede + local
the AAA authentication enable default group Ganymede + activate
authorization AAA console
AAA authorization exec default group Ganymede + local
AAA authorization commands 15 default group Ganymede + local
AAA authorization default reverse-access group Ganymede + local
orders accounting AAA 0 arrhythmic default group Ganymede +.
orders accounting AAA 15 by default start-stop Ganymede group.
Default connection accounting AAA power Ganymede group.
!
AAA - the id of the joint session
!
RADIUS-server host x.x.x.x
RADIUS-server host x.x.x.x
RADIUS-server host x.x.x.x
RADIUS-server host x.x.x.x
RADIUS-server application made
RADIUS-server key 7 0006140E54xxxxxxxxxx
!
Ganymede IP interface-source Vlan200
***************************
Debugs
002344: 5 Dec 01:36:03.087 ICT: AAA/BIND (00000022): link i / f
002345: Dec 5 01:36:03.087 ICT: AAA/AUTHENTIC/LOGIN (00000022): choose method list "by default".
002346: Dec 5 01:36:11.080 ICT: AAA/AUTHENTIC/LOGIN (00000022): choose method list "by default".
core01 #.
002347: Dec 5 01:36:59.404 ICT: AAA: analyze name = tty0 BID type =-1 ATS = - 1
002348: Dec 5 01:36:59.404 ICT: AAA: name = tty0 flags = 0 x 11 type = 4 shelf = 0 = 0 = 0 = 0 = 0 channel port adapter slot
002349: Dec 5 01:36:59.404 ICT: AAA/MEMORY: create_user (0 x 6526934) user = "admin" ruser = "core01" ds0 = 0 port = "tty0" rem_addr = "async" authen_type = service ASCII = NONE priv = 15 initial_task_id = '0', vrf = (id = 0)
002350: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): Port = "tty0" list = "service = CMD
002351: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/CMD: tty0 (2162495688) user = "admin".
002352: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): send service AV = shell
002353: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): send cmd = AV set up
002354: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): send AV terminal = cmd - arg
002355: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): send cmd - arg = AV
002356: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): found the 'default' list
002357: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): method = Ganymede + (Ganymede +)
002358: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC +: (2162495688): user = admin
002359: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC +: (2162495688): send service AV = shell
002360: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC +: (2162495688): send cmd = AV set up
002361: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC +: (2162495688): send AV terminal = cmd - arg
002362: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC +: (2162495688): send cmd - arg = AV
Enter configuration commands, one per line. End with CNTL/Z.
core01 (config) #.
002363: Dec 5 01:37:04.261 ICT: AAA/AUTHOR (2162495688): permission post = ERROR
002364: Dec 5 01:37:04.261 ICT: tty0 AAA/AUTHOR/CMD (2162495688): method = LOCAL
002365: Dec 5 01:37:04.261 ICT: AAA/AUTHOR (2162495688): position of authorization = PASS_ADD
002366: Dec 5 01:37:04.261 ICT: AAA/MEMORY: free_user (0 x 6526934) user = "admin" ruser = "core01" port = "tty0" rem_addr = "async" authen_type = ASCII service = NONE priv = 15
core01 (config) #.
Ganymede + accessible servers use source vlan 200. Also in the Ganymede server + can you check if the IP address for this device is configured correctly and also please check the pwd on the server and the game of this device.
As rick suggested sh Ganymede would be good as well. That would show the failures and the successes
HTH
Kishore
-
the AAA authentication enable default group Ganymede + activate
I implement CSACS 4.0. First of all on the client, I will apply aaa authenticatio / authorization under vty. The issure if I use the followin command
the AAA authentication enable default group Ganymede + activate
What happens if I connect via the console? I need to enter a name of user and password?
Here is my configuration
AAA new-model
Group authvty of connection authentication AAA GANYMEDE + local
the AAA authentication enable default group Ganymede + activate
authvty orders 15 AAA authorization GANYMEDE + local
RADIUS-server host IP
Radius-server key
Ganymede IP source interface VLAN 3
AAA accounting send stop-record an authentication failure
AAA accounting delay start
AAA accounting exec authvty start-stop group Ganymede +.
orders accounting AAA 15 authvty power group Ganymede +.
AAA accounting connection authvty start-stop group Ganymede +.
line vty 0 15
connection of authentication authvty
authorization orders 15 authvty
authvty connection accounting
accounting orders 15 authvty
accunting exec authvty
Any suggestion will be appreciated!
It should work because it is a guest message.banner whenever you try to connect (console/vty). I set it up on my router.
If you have banner motd, it will appear as well (see below). So, I have to remove it to get only the aaa banner & prompt is displayed:
************************************************************
Username: cisco, password: cisco (priv 15f - local) *.
************************************************************
Any unauthorized use is prohibited.
Enter your name here: User1
Now enter your password:
Router #.
The configuration more or less looks like this:
AAA new-model
AAA authentication banner ^ is forbidden to use CUnauthorized. ^ C
AAA authentication password prompt "enter your password now:
AAA-guest authentication username "enter your name here:
Group AAA authentication login default RADIUS
local authentication AAA CONSOLE connection
HTH
AK
-
The AAA authentication configuration
We have ACS server 3.1 to AAA for authentication for all routers and switches. I want each person to connect the router using its own id, password password and activate. If the ACS server is unavailable, I want to have different id, password and enable password for console and telnet access. What is the right way to do this? I also want to follow all orders entered on the router.
That's what I have:
AAA new-model
AAA authentication login default group Ganymede + local
enable AAA authentication login no_tacacs
the AAA authentication enable default group Ganymede + line
AAA authorization exec default group Ganymede + local
AAA authorization commands 15 default group Ganymede + local
AAA accounting exec default start-stop Ganymede group.
orders accounting AAA 15 by default start-stop Ganymede group.
!
username admin password 7 xxxxxxxxxxxxxxxx
!
!
Line con 0
connection of authentication no_tacacs
line to 0
line vty 0 4
password 7 xxxxxxxxxxxxxxxxxxxxxxxx
!
Yes, it's Joy on the right. Thank you, Renault
-
The AAA authentication: not configured
I have cisco 851 using ccp to configure EASY VPN
I click on TEST VPN SERVER, and then click Start the State shows successful
When I tried to connect a client I mm_no_state
When I considered the report of the test I found
The AAA authentication: not configured
My AAA
AAA new-model
!
!
AAA authentication login tgcsusers local
AAA authorization tgcsvpn LAN
!
AAA - the id of the joint session
I have also attached my config
Ideas or thoughts?
You will need to get my client work...
I logged by user name password you provided.
Please check the pictures I downloaded to you.
Good night, sleep tight.
Thank you
Rizwan James
-
The AAA authentication &; accounting using the command of Ganymede-orders
In the page of the cisco Remote Access Companion guide 394 book we got these configuration lines:
RTA (config) #tacacs - server host 192.168.0.11
RTA (config) #tacacs - host 192.168.0.12 server
RTA (config) #tacacs - server key topsecret
RTA (config) #aaa new-model
Ganymede + RTA (config) #aaa authentication login default group
If I want to add to the configuration above, the following command:
RTA (config) #aaa accounting connection defult stop / start Ganymede +.
Is it necessary that the above lines be in a specific order when I configure the RTA?
No, the order in which you enter commands doesn't matter.
-
The AAA authentication and VRF-Lite
Hello!
I encountered a strange problem, when you use authentication Radius AAA and VRF-Lite.
The setting is as follows. A/31 linknet is configured between PE and THIS (7206/g1 and C1812), where the EP sub-si is part of a MPLS VPN and VRF-Lite CE uses to maintain separate local services (where more than one VPN is used..).
Access to the this, via telnet, console etc, will be authenticated by our RADIUS servers, based on the following configuration:
--> Config start<>
AAA new-model
!
!
Group AA radius RADIUS-auth server
Server x.x.4.23 auth-port 1645 acct-port 1646
Server x.x.7.139 auth-port 1645 acct-port 1646
!
AAA authentication login default group auth radius local
enable AAA, enable authentication by default group RADIUS-auth
...
touch of 1646-Server RADIUS host x.x.4.23 auth-port 1645 acct-port
touch of 1646-Server RADIUS host x.x.7.139 auth-port 1645 acct-port
...
source-interface
IP vrf 10 RADIUS ---> Config ends<>
The VRF-Lite instance is configured like this:
---> Config start<>
VRF IP-10
RD 65001:10
---> Config ends<>
Now - if I remove the configuration VRF-Lite and use global routing on the CE (which is OK for a simple vpn installation), AAA/RADIUS authentication works very well. "" When I activate transfer ip vrf "10" on the interface of the outside and inside, AAA/RADIUS service is unable to reach the two defined servers.
I compared the routing table when using VRF-Lite and global routing, and they are identical. All roads are correctly imported via BGP, and the service as a whole operates without problem, in other words, the AAA/RADIUS part is the only service does not.
It may be necessary to include a vrf-transfer command in the config of Group server as follows:
AAA radius RADIUS-auth server group
Server-private x.x.x.x auth-port 1645 acct-port
1646 key ww
IP vrf forwarding 10
See the document below for more details:
http://www.Cisco.com/en/us/partner/docs/iOS/12_4/secure/configuration/guide/hvrfaaa.html
-
Hello
Just 2 8164 unpacket new switches. This is my first network hardware dell that I use. I have a little trouble understanding authentication methods. I'm used to using a database of the local user. I managed to create a list of login authentication which checks the local user database. But I stil have to Pentecost autheticate an enable password when I enter enable promt.
Is it possible to login and go straight through the mode exec user without password enable?
Hello
If you have a radius or Ganymede server you won't have to use the enable password if you define methods like the default method and user account appropriate to record level in sound. FTP://FTP.Dell.com/manuals/all-products/esuprt_ser_stor_net/esuprt_powerconnect/PowerConnect-8100_Reference%20Guide_en-us.PDF page 242
-
The AAA authentication failure
I have a 2500 with configured radius server controller with safety as the WPA system. Few users authenticate not since yesterday (they were connected before) with the same user credentails in another laptop sound work. All a both few customers is not authenticate.
Here are the logs of problem with the command show debugging client client mac address
(Cisco Controller) > * Dot1x_NW_MsgTask_3: 18:30:37.487 Mar 20: 98:03:d8:7 d: d0:83 received EAPOL START of mobile 98:03:d8:7 d: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.487 Mar 20: 98:03:d8:7 d: d0:83 dot1x - moving d mobile 98:03:d8:7: d0:83 in the State of connection
* Dot1x_NW_MsgTask_3: 18:30:37.487 Mar 20: 98:03:d8:7 d: d0:83 send request/identity EAP to d 98:03:d8:7 mobile: d0:83 (EAP Id 2)
* Dot1x_NW_MsgTask_3: 18:30:37.493 Mar 20: 98:03:d8:7 d: d0:83 EAPPKT EAPOL received from mobile 98:03:d8:7 d: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.493 Mar 20: 98:03:d8:7 d: d0:83 response received identity (count = 2) d 98:03:d8:7 mobile: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.493 Mar 20: 98:03:d8:7 d: d0:83 EAP State update of login authentication for mobile 98:03:d8:7 d: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.493 Mar 20: 98:03:d8:7 d: d0:83 dot1x - moving d mobile 98:03:d8:7: d0:83 by authenticating the State
* Dot1x_NW_MsgTask_3: 18:30:37.493 Mar 20: 98:03:d8:7 d: d0:83 State entering Backend Auth response for d 98:03:d8:7 mobile: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.551 Mar 20: 98:03:d8:7 d: d0:83 treatment Access-Challenge for mobile 98:03:d8:7 d: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.551 Mar 20: 98:03:d8:7 d: d0:83 State entering Backend Auth Req (id = 220) for d 98:03:d8:7 mobile: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.551 Mar 20: 98:03:d8:7 d: d0:83 WARNING: Update 2 EAP-identifier ===> 220 for STA 98:03:d8:7 d: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.551 Mar 20: 98:03:d8:7 d: d0:83 send EAP request of AAA to d mobile 98:03:d8:7: d0:83 (EAP Id 220)
* Dot1x_NW_MsgTask_3: 18:30:37.566 Mar 20: 98:03:d8:7 d: d0:83 EAPPKT EAPOL received from mobile 98:03:d8:7 d: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.566 Mar 20: 98:03:d8:7 d: d0:83 response EAP received from mobile 98:03:d8:7 d: d0:83 (220 Id EAP, EAP Type 3)
* Dot1x_NW_MsgTask_3: 18:30:37.566 Mar 20: 98:03:d8:7 d: d0:83 State entering Backend Auth response for d 98:03:d8:7 mobile: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.627 Mar 20: 98:03:d8:7 d: d0:83 treatment Access-Challenge for mobile 98:03:d8:7 d: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.627 Mar 20: 98:03:d8:7 d: d0:83 State entering Backend Auth Req (id = 221) for d 98:03:d8:7 mobile: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.627 Mar 20: 98:03:d8:7 d: d0:83 send EAP request of AAA to d mobile 98:03:d8:7: d0:83 (EAP Id 221)
* Dot1x_NW_MsgTask_3: 18:30:37.643 Mar 20: 98:03:d8:7 d: d0:83 EAPPKT EAPOL received from mobile 98:03:d8:7 d: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.643 Mar 20: 98:03:d8:7 d: d0:83 response EAP received from mobile 98:03:d8:7 d: d0:83 (221 Id EAP, EAP Type 25)
* Dot1x_NW_MsgTask_3: 18:30:37.643 Mar 20: 98:03:d8:7 d: d0:83 State entering Backend Auth response for d 98:03:d8:7 mobile: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.701 Mar 20: 98:03:d8:7 d: d0:83 treatment Access-Challenge for mobile 98:03:d8:7 d: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.701 Mar 20: 98:03:d8:7 d: d0:83 State entering Backend Auth Req (id = 222) for d 98:03:d8:7 mobile: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.701 Mar 20: 98:03:d8:7 d: d0:83 send EAP request of AAA to d mobile 98:03:d8:7: d0:83 (EAP Id 222)
* Dot1x_NW_MsgTask_3: 18:30:37.723 Mar 20: 98:03:d8:7 d: d0:83 EAPPKT EAPOL received from mobile 98:03:d8:7 d: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.723 Mar 20: 98:03:d8:7 d: d0:83 response EAP received from mobile 98:03:d8:7 d: d0:83 (222 Id EAP, EAP Type 25)
* Dot1x_NW_MsgTask_3: 18:30:37.723 Mar 20: 98:03:d8:7 d: d0:83 State entering Backend Auth response for d 98:03:d8:7 mobile: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.782 Mar 20: 98:03:d8:7 d: d0:83 treatment Access-Challenge for mobile 98:03:d8:7 d: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.782 Mar 20: 98:03:d8:7 d: d0:83 State entering Backend Auth Req (id = 223) for d 98:03:d8:7 mobile: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.782 Mar 20: 98:03:d8:7 d: d0:83 send EAP request of AAA to d mobile 98:03:d8:7: d0:83 (EAP Id 223)
* Dot1x_NW_MsgTask_3: 18:30:37.809 Mar 20: 98:03:d8:7 d: d0:83 EAPPKT EAPOL received from mobile 98:03:d8:7 d: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.809 Mar 20: 98:03:d8:7 d: d0:83 response EAP received from mobile 98:03:d8:7 d: d0:83 (223 Id EAP, EAP Type 25)
* Dot1x_NW_MsgTask_3: 18:30:37.809 Mar 20: 98:03:d8:7 d: d0:83 State entering Backend Auth response for d 98:03:d8:7 mobile: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.892 Mar 20: 98:03:d8:7 d: d0:83 treatment Access-Challenge for mobile 98:03:d8:7 d: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.892 Mar 20: 98:03:d8:7 d: d0:83 State entering Backend Auth Req (id = 224) for d 98:03:d8:7 mobile: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.892 Mar 20: 98:03:d8:7 d: d0:83 send EAP request of AAA to d mobile 98:03:d8:7: d0:83 (EAP Id 224)
* Dot1x_NW_MsgTask_3: 18:30:37.903 Mar 20: 98:03:d8:7 d: d0:83 EAPPKT EAPOL received from mobile 98:03:d8:7 d: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.903 Mar 20: 98:03:d8:7 d: d0:83 response EAP received from mobile 98:03:d8:7 d: d0:83 (224 Id EAP, EAP Type 25)
* Dot1x_NW_MsgTask_3: 18:30:37.903 Mar 20: 98:03:d8:7 d: d0:83 State entering Backend Auth response for d 98:03:d8:7 mobile: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.959 Mar 20: 98:03:d8:7 d: d0:83 treatment Access-Challenge for mobile 98:03:d8:7 d: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.959 Mar 20: 98:03:d8:7 d: d0:83 State entering Backend Auth Req (id = 225) for d 98:03:d8:7 mobile: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.959 Mar 20: 98:03:d8:7 d: d0:83 send EAP request of AAA to d mobile 98:03:d8:7: d0:83 (EAP Id 225)
* Dot1x_NW_MsgTask_3: 18:30:37.976 Mar 20: 98:03:d8:7 d: d0:83 EAPPKT EAPOL received from mobile 98:03:d8:7 d: d0:83
* Dot1x_NW_MsgTask_3: 18:30:37.976 Mar 20: 98:03:d8:7 d: d0:83 response EAP received from mobile 98:03:d8:7 d: d0:83 (225 Id EAP, EAP Type 25)
* Dot1x_NW_MsgTask_3: 18:30:37.976 Mar 20: 98:03:d8:7 d: d0:83 State entering Backend Auth response for d 98:03:d8:7 mobile: d0:83
* Dot1x_NW_MsgTask_3: 18:30:38.051 Mar 20: 98:03:d8:7 d: d0:83 treatment Access-Challenge for mobile 98:03:d8:7 d: d0:83
* Dot1x_NW_MsgTask_3: 18:30:38.051 Mar 20: 98:03:d8:7 d: d0:83 State entering Backend Auth Req (id = 226) d 98:03:d8:7 mobile: d0:83
* Dot1x_NW_MsgTask_3: 18:30:38.051 Mar 20: 98:03:d8:7 d: d0:83 send EAP request of AAA to d mobile 98:03:d8:7: d0:83 (EAP Id 226)
* Dot1x_NW_MsgTask_3: 18:30:38.059 Mar 20: 98:03:d8:7 d: d0:83 EAPPKT EAPOL received from mobile 98:03:d8:7 d: d0:83
* Dot1x_NW_MsgTask_3: 18:30:38.059 Mar 20: 98:03:d8:7 d: d0:83 response EAP received from mobile 98:03:d8:7 d: d0:83 (226 Id EAP, EAP Type 25)
* Dot1x_NW_MsgTask_3: 18:30:38.059 Mar 20: 98:03:d8:7 d: d0:83 State entering Backend Auth response for d 98:03:d8:7 mobile: d0:83
* Dot1x_NW_MsgTask_3: 18:30:38.116 Mar 20: 98:03:d8:7 d: d0:83 treatment Access-Challenge for mobile 98:03:d8:7 d: d0:83
* Dot1x_NW_MsgTask_3: 18:30:38.116 Mar 20: 98:03:d8:7 d: d0:83 State entering Backend Auth Req (id = 227) for d 98:03:d8:7 mobile: d0:83
* Dot1x_NW_MsgTask_3: 18:30:38.116 Mar 20: 98:03:d8:7 d: d0:83 send EAP request of AAA to d mobile 98:03:d8:7: d0:83 (EAP Id 227)
Please help me solve this problem
Make sure that policies of login GBA allowing a user for several sessions as well.
Rating of useful answers is more useful to say "thank you".
-
2611XM Terminal Server + ACS + new authentication when selecting menu options
Hello
I managed to configure ACS authentication on my 2611xm router,
After you connect to the router, I have an autocommand configuration to run a menu.
My problem is when you select the option in the menu,
You are then re invited to reauthenicated against the router before connecting to the line,
can someone tell me how to prevent it.
Thank you for your time and effort in advance, I have attached a config below.
DDRAS01 #sh running-config
Building configuration...
Current configuration: 6854 bytes
!
! Last modification of the configuration at 10:28:49 GMT Sunday, February 21, 2010 by
! NVRAM config update at 19:25:53 GMT Saturday, February 20, 2010 by
!
version 12.4
horodateurs service debug datetime msec
Log service timestamps datetime msec
encryption password service
Service linenumber
sequence numbers service
!
hostname DDRAS01
!
boot-start-marker
boot-end-marker
!
Security of authentication failure rate 3 log
Passwords security min-length 6
logging buffered 51200 informational
record of the rate-limit all 10000
recording console critical
enable password 7
!
AAA new-model
!
!
AAA authentication login default group Ganymede + local
AAA authentication login if_needed local
the AAA authentication enable default
AAA of authentication ppp default local
AAA authorization exec default group Ganymede + local authenticated by FIS
AAA accounting exec default start-stop Ganymede group.
orders accounting AAA 15 by default start-stop Ganymede group.
!
AAA - the id of the joint session
clock timezone WAS 10
summer time clock WAS recurring last Sun Oct 02:00 last Sun Mar 03:00
no location network-clock-participate 1
No network-clock-participate wic 0
IP cef
!
!
!
!
list of IP domains
list of IP domains
IP domain name
the IP 2033 172.16.1.1 host dd-cr-01F
ddsws01 host IP 172.16.1.1 2034
ddsws04 host IP 172.16.1.1 2035
ddce565 host IP 172.16.1.1 2040
IP-name server
IP-name server
!
!
!
password username d ' operators 15 7 privilege
!
!
property intellectual ssh source interface FastEthernet0/0
property intellectual ssh event logging
property intellectual ssh version 2
!
!
interface Loopback0
IP 172.16.1.1 255.255.255.255
!
interface FastEthernet0/0
IP
255.255.255.0 Speed 100
full-duplex
!
interface Serial0/0
no ip address
Shutdown
!
interface BRI0/0
no ip address
encapsulation hdlc
Shutdown
!
interface FastEthernet0/1
no ip address
Shutdown
automatic duplex
automatic speed
!
IP forward-Protocol ND
IP route 0.0.0.0 0.0.0.0
!
IP http server
no ip http secure server
Ganymede IP source interface FastEthernet0/0
!
radius of the IP source interface FastEthernet0/0
exploitation forest installation local6
logging
SNMP-server
RO community SNMP-server
RW community SNMP server location
contact Server SNMP d ' operators
!
title of menu ddras01 ^ C
Server Terminal Server for Cisco
Select number from the list below
Use "ctrl + shift + 6" then 'x' to switch to the menu
^ C
text of ddras01 to menu 1 connect to the DD-CR-01
order of menu 1 ddras01 resume JJ-cr-01 / dd-cr-01 2033 telnet connection
ddras01 text menu 2 connect to DDSWS01
order of menu 2 ddras01 resume ddsws01 / ddsws01 2034 telnet connection
text menu 3 ddras01 connect to DDSWS04
order of menu 3 ddras01 resume ddsws04 / ddsws04 2035 telnet connection
text menu 8 ddras01 connect to DDCE565
order of menu 8 ddras01 resume ddce565 / ddce565 2040 telnet connection
menu 9 ddras01 text output
menu ddras01 command menu-exit 9
ddras01 menu clear-screen
menu ddras01-status line
menu-ddras01 line mode
radius-server host 10.2.0.50
RADIUS-server application made
radius-server key 7
!
control plan
!
privilege exec 15 level write terminal
writing level 15 privileges exec
Ping privileges exec level 1
privilege exec 10 undebug ip icmp level
privilege exec 10 undebug ip level
level of privilege exec 10 undebug all
privilege exec 10 undebug level
terminal monitor exec level 10 privileges
privilege exec 10 level terminals
privilege exec 15 level show running-config
See configuration at the privileged exec level 5
show privileges exec level 5
privilege exec 10 debug ip icmp level
privilege exec level 10 debug ip
privilege exec 10 level debug all
debugging privileges exec level 10
clear interface of privileges exec level 10
clear counters at level 10 privilege exec
level of privilege exec 10 clear
!
Line con 0
password 7
Synchronous recording
line 33 64
No exec-banner
exec-timeout 0 0
no activation-character
No exec
preferred transport telnet
transport of entry all
character of exhaust-27
StopBits 1
FlowControl hardware
line to 0
line vty 0 4
password 7
Synchronous recording
ddras01 menu autocommand
line vty 5 181
password 7
Synchronous recording
ddras01 menu autocommand
!
NTP-period clock 17208487
source NTP FastEthernet0/0
NTP server
end
Hello
You have aaa login default configured for authentication, with this you get invited
When you try to access the line.
Under line VTY 5 181 try adding:
authentication of the connection /NOAUTH
exec authorization /NOAUTH
Add the lines of aaa:
/NOAUTH AAA authentication login no
/NOAUTH AAA authorization exec no
This should stop the authentication to the lines.
-Jesse
-
The AAA for PIX515E 6.3 rules (5)
Hello. If I wanted to configure the PIX for the authentication of an ACS server (for the purpose of management of PIX), what else would need apart from what follows:
AAA-server Admin-FW Protocol Ganymede +.
AAA-Server Admin-FW max-failed-attempts 3
AAA-Server Admin-FW deadtime 10
!
AAA-Server Admin-FW (inside) host 192.168.2.9 access timeout 10
!
console series FW-Admin-AAA authentication
Console telnet authentication AAA Admin-FW
authentication AAA ssh console Admin-FW
As far as I KNOW, I did not specify which IP addresses can someone telnet from to connect on the PIX. I tried the following, but I do not know I did not provide the correct instructions:
the AAA authentication include telnet inside 192.168.0.0 255.255.0.0 Admin-FW
... and I have a username / password to invite him on the PIX but it keeps asking for a user name and password. I know my account GANYMEDE is good because I can connect on the routers with the same details as what I use to authenticate on the PIX.
I also ran a debugging on the PIX when I was trying to authenticate. The output is attached.
Thank you
Timothy
Hi Tim,.
There is no need to order,
the AAA authentication include telnet inside 192.168.0.0 255.255.0.0 Admin-FW
Try it now and see if you get hits on ACS. Incase it is not working, pls get again him debugs.
Thank you
Jagdeep
-
In the AAA configuration guide, it says you must apply the method of access to lines and interfaces, but if I use the aaa authentication login apparently apply the authentication method for all methods of login anyway?
Is it because I'm using a default method list?, and I only need to apply the method defined lists of interfaces or lines? but as I don't have the default value is used.
When we use by default it is applied to all lines. If there is no list of methods defined on the default interface will not take effect.
Kind regards
~ JG
-
Portege M400: He can't sleep because of the Terminal Server keyboard driver
I can't put my M400 to sleep.
Error: "because of Terminal Server keyboard driver"
It provides the error message as above.I can't find direct response on the other forum that the roll back.
My problem is that this situation has been the same from day 1, so I can't really push.Any ideas?
concerning
RThis sounds like something wrong with the software or running services.
However, the Toshiba power saver is responsible for the hibernation and the day before. I would recommend reinstallation of this application. -
How to change the language of the Server 2003 terminal server USER profile
Hello
I need to change the language on the terminal user profiles server of the United States to the United Kingdom, the server has been modified, of the United States, to the United Kingdom, but it has not replicated to existing users who are still all see as if it were in the United States (date, etc.). This also applies to Office 2003. If connected as that administrator, that he is in full mode (server language and office area) UK, can anyone help?Thank you very muchJoshHello VILT,.
Microsoft Communities is consumer related questions about Windows 8, Windows 7, Windows Vista and Windows XP. For any question on the terminal server Windows Server 2003 server, it would be best to ask your question on the TechNet forum.
Click here to transfer your question in TechNet for Windows Server 2003 (Terminal Server Services) remote desktop forum.
They will be able to solve your problem.
Thank you
Marilyn
-
Why remove the Terminal Server on Windows Server 2008 Standard Server HKEY_USERS\S -? When one connects users off?
I have a setting wrong?I can't find a setting that relates to this in either Terminal Server Config or Terminal Server Manager...Any help would be much appreciated.Hi Richard,
Thanks for posting your question on Microsoft Community!
I suggest you to ask your question in the section service Terminal Server TechNet forums for assistance.
http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer
I hope this helps.
Maybe you are looking for
-
Any document from google that I try to use, I am unable to type in the google doc. I already turned off all the modules via the reboot to safe mode. This does not resolve the issue. Is there a way to remedy this situation? Thank you,Allan
-
late 2008 MacBook longer or more cold in clamshell mode?
I was going to use my MacBook recently updated as your desktop with USB keyboard and mouse. Clamshell mode for long periods, there will be 4 to 10 days. I've upgraded to a SSD just for the reason to reduce heat on the left palmrest. Can someone tell
-
Need to buy speakers Satellite X 200 / X 205 harman-kardon
Anyone know where I can find to buy the TOSHIBA X 200 or X 205 harman-kardon speakers (left + right + subwoofer)?And the black covers too... (without the Board of Directors 7 buttons) Help, please
-
Satellite L30-115: memory upgrade question
How do I know what RAM to buy for this laptop? I have now: ddr2 533 mhz PC 4300, but what producer? Kingmax? How do I know what producer is compatible?
-
"WindowsUpdate_80070020" "WindowsUpdate_dt000"
tried to install the new updates, but still get this error code. tried to delete cookies and disable my firewall, but I still have problems. would be greatfull for clues