Go CCIE Go!! - A Cisco Certified Internetwork Expert

This thread is kind of continuation of another thread posted by me earlier. One of the requirements was to use AAA.
Hope this clarifies.

Gregory W. Posey Jr. wrote: > Why not… > username cisco password cisco > line vty 0 4 > login local > privilege level 15 > Thank you, > Greg Posey Jr. > CCIE #7981 > CCSP, CCSI > M.S. EE > > secondie writes: >> I think it is for “no enable password”. >> Here is the brief description: >> “aaa authentication login VTY local” — sets up VTY as local auth >> group >> “aaa authorization exec VTY local” — sets up as authorization as >> local >> line vty 0 4 >> password a — “this line has no relevance to the authen or author as >> both are base on AAA, so ignored by VTY login”, could be used as >> second choice but not configured in this case >> login authentication VTY — “enable login based on VTY profile of >> AAA which is local” >> >> authorization exec VTY “enables the authorization based on the VTY >> author group, which is local” >> So when VTY is login is prompted, AAA looks for local >> username/password for authentication, which is cisco/cisco. Then for >> authorization it looks under “authorization exec VTY group local” and >> as local command “username cisco privi 15 pass cisco” specifies level >> of 15, it authorizes user cisco for priv 15, therefore directly >> dropping user into enable mode. >> HTH >> -secondie >> >> Paul Dardinski wrote: >>> Can someone elaborate? I thought the question was “is it possible to >>> enable vty access with “NO” password authent?”. Will lab this up, does >>> this allow enable access vty with no further authent other then local >>> login? >>> —–Original Message—– >>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of >>> Rick Fox >>> Sent: Sunday, July 30, 2006 10:07 PM >>> To: secondie@gmail.com >>> Cc: Cisco certification >>> Subject: RE: Enable access for VTY >>> That’s it. >>> Line vty 0 4 >>> authorization exec VTY >>> Thanks, >>> Rick >>> —–Original Message—– >>> From: secondie [mailto:secondie@gmail.com] Sent: Sunday, July 30, >>> 2006 9:59 PM >>> To: Rick Fox >>> Cc: Cisco certification >>> Subject: Re: Enable access for VTY >>> Only way I can think of is as below: >>> aaa new-model >>> aaa authentication login CONSOLE enable >>> aaa authentication login VTY local >>> aaa authorization exec VTY local >>> enable password enable >>> ! >>> username cisco privilege 15 password 0 cisco >>> >>> line con 0 >>> login authen CONSOLE >>> line vty 0 4 >>> password a >>> authorization exec VTY >>> login authentication VTY >>> ***************** >>> CONSOLE LOGIN: >>> ***************** >>> R20 con0 is now available >>> Press RETURN to get started. >>> >>> R20>en >>> Password: enable (typed in for clarity) >>> R20# >>> >>> ************* >>> VTY LOGIN: >>> ************* >>> User Access Verification >>> Username: cisco >>> Password: cisco (typed in for clarity) >>> R20# >>> R20# >>> >>> HTH >>> -secondie >>> >>> Rick Fox wrote: >>>> So, is there a way to configure access so that when telneting to a >>>> router, local authentication is used, and you are immediately in >>> enable >>>> mode? >>>> The config provided from previous thread still requires additional >>> login >>>> to enable mode. >>>> >>>> >>>>>> aaa new-model >>>>>> aaa authentication login CONSOLE enable >>>>>> aaa authentication login VTY local >>>>>> ! >>>>>> line console 0 >>>>>> login authentication CONSOLE >>>>>> ! >>>>>> line vty 0 4 >>>>>> login authentication VTY >>>>>> ! >>>> >>> _______________________________________________________________________ >>>> Subscription information may be found at: >>>> http://www.groupstudy.com/list/CCIELab.html >>> >>> _______________________________________________________________________ >>> Subscription information may be found at: >>> http://www.groupstudy.com/list/CCIELab.html >>> _______________________________________________________________________ >>> Subscription information may be found at: >>> http://www.groupstudy.com/list/CCIELab.html >> >> _______________________________________________________________________ >> Subscription information may be found at: >> http://www.groupstudy.com/list/CCIELab.html