Brain freeze... New User?

mikearama Member Posts: 749
Don't know why I'm having such a hard time understanding this...

I have several Cat 3750 stacks that use aaa (cisco acs), and I have been asked to make sure they all have a backup, local account... so that if my acs server is unavailable, access is still possible. Further, the account must be able to get access via both the console, and telnet.

If I use the command:

Switch(config)#username mike privilege 15 password mikearama

a) can this account gain access when acs is unavailable?
b) since I didn't mention any group when creating the account, can it gain access when acs IS available?
c) do I need to specify the vty lines somewhere when adding the account to ensure telnet access? or is that automatic with level 15 permissions?
d) right now, access via the console is by password only. Can line 0 be set up to require both this username and password? or is password-only the standard.

Again, much obliged for any help.
Mike
There are only 10 kinds of people... those who understand binary, and those that don't.

CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110

Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.

Comments

  • Daniel333 Member Posts: 2,077
    This is CCNA? Might want to try the CCNP/CCIE section. This isn't anything I have ever read man.
    -Daniel
  • mikearama Member Posts: 749
    Some of it... the acs stuff... might be deeper than ccna, but assigning usernames and passwords, and access to the vty lines/console, should be standard fare for any up and coming NA, no?
  • dtlokee Member Posts: 2,378
    This is not really a CCNA level question, but the configuration is not too difficult.

    To answer one of the questions "Can I do this on a Cisco router?" the answer is almost always yes! (a little Cisco plug)

    a. You would need to add the option "local" to the end of the "aaa authentication" command you are using.
    b. This comes from the local option on the aaa authentication command where you specified the group.
    c. On the vty lines you can specify an aaa group, or use the aaa authentication default group tacacs local command to specify all lines.
    d. Similar to c: use a group name on the line con 0 command, or if you configure the default group it will authenticate the console.

    HTH
    The only easy day was yesterday!
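
An added example, not part of the original thread: a small Python check for the requirement in the question, that every console and vty line can fall back to a local account when ACS is unavailable. It reads a running-config and reports lines whose login method list lacks `local`; the sample config, the list names CONSOLE and MISSING, and the function name are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the thread); names are illustrative.
SAMPLE_CONFIG = """\
aaa new-model
username mike privilege 15 secret 5 $1$CONSTRUCTED
aaa authentication login default group tacacs+ local
aaa authentication login CONSOLE group tacacs+
line con 0
 login authentication CONSOLE
line vty 0 4
 transport input telnet
line vty 5 15
 login authentication MISSING
"""

def audit_local_fallback(config):
    """Return findings; an empty list means every line can fall back to local."""
    findings = []
    lines = config.splitlines()
    if not any(l.strip() == "aaa new-model" for l in lines):
        findings.append("aaa new-model is not enabled")
    if not any(re.match(r"username \S+ ", l) for l in lines):
        findings.append("no local username is defined")
    # Map each login method list name to its ordered methods.
    lists = {}
    for l in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)", l)
        if m:
            lists[m.group(1)] = m.group(2).split()
    # Walk the line sections; a line with no explicit list uses "default".
    current, used = None, {}
    for l in lines:
        if l.startswith("line "):
            current = l.strip()
            used[current] = "default"
        elif current and l.startswith(" "):
            m = re.match(r"\s+login authentication (\S+)", l)
            if m:
                used[current] = m.group(1)
        else:
            current = None
    for line_name, list_name in used.items():
        methods = lists.get(list_name)
        if methods is None:
            findings.append(f"{line_name}: method list {list_name} is not defined")
        elif "local" not in methods and "local-case" not in methods:
            findings.append(f"{line_name}: method list {list_name} has no local fallback")
    return findings
```

IOS moves to the next method in a list only when the previous one returns no response, so a `local` entry after `group tacacs+` is consulted when the server is unreachable, not when it rejects the login.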