ICSW352
#1
Hello,

On question ICSW352, it says the correct answer for telnet is that a username and password will be required to log into a Telnet session to this device.

However the very first line of the explanation states that the telnet (vty) lines are configured with the password vty2access command, which can be used to gain telnet access to this router.

And later it states that AAA authentication (username & password) will not be used for telnet because there is no login authentication aaa_auth command configured under the vty lines.

I think the answer should be changed to the one that states Telnet access to this device may be gained using the vty2access password.

Reply
#2
You are right. The answer is fixed.
Reply
#3
Muchos Gratias.  ;D
Reply
#4
Hello,
Sorry, but login using vty line password will NOT be possible.

The first FACT about AAA ==> Enabling AAA will override all other authentication methods already configured in the router (for TTY, VTY, CON, AUX...).
The correct answer is "a username/password are required to log in via telnet..."
If no custom method is applied to VTY, the default method will be used. And if this one is not configured then you'll be prompted to enter a username and password but you will never get access :D
Reply
#5
I too believe this to be incorrect.

Based on the Cisco stuff I'm reading, and please correct me if my understanding is wrong -

1. AAA, if enabled, is used by default across all interfaces including console, vty and tty
2. if you have a line password configured you need to configure aaa authentication login on the line

i.e. aaa authentication login <name> line and then apply this to the line.

Now given that in this question we have defined a password on the line and that's what we want to use, surely this will only become active once we have applied the line authentication element to the VTY config???

no?

thanks in advance.
Reply
#6
OK, to add to this, I think I've figured out the answer.

Because no default has been configured, this is why the vty password will work.

So my previous statement, point 1, is only relevant if a default aaa auth is defined, in this case not. If it was THEN we would have to make sure the line command was added to the end.
Reply
#7
(11-24-2009, 03:24 PM) baloo247 wrote: OK, to add to this, I think I've figured out the answer.

Because no default has been configured, this is why the vty password will work.

So my previous statement, point 1, is only relevant if a default aaa auth is defined, in this case not. If it was THEN we would have to make sure the line command was added to the end.

Again: Once the "aaa new-model" command is entered, all the previous "old" auth methods will be overwritten.

As you know, the "login" line-config mode command must be entered in order to activate the password check on the line.
Once AAA is enabled, this command (without sub-commands) will never be accepted and obviously will be removed if it was already configured. Instead, by default, "login authentication default" will be activated (even if not seen).

You can btw test it with dynamips.


Reply
#8
jadouking is absolutely right.

Tim
Reply
#9
ok after further reading/testing I agree. The minute you apply aaa new-model all hell breaks loose.
Reply
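
The behaviour the thread settles on, as an added example that is not part of any post: a small Python resolver that reads an IOS-style config and reports which login method list governs the vty lines. The sample configs are constructed (the ICSW352 exhibit is not shown in the thread), and the names `vty_login` and `VTY_PW` are hypothetical; the fallback to local usernames when no default list exists is an assumption taken from posts #4 and #7.

```python
import re

# Constructed sample configs; the ICSW352 exhibit itself is not shown in the thread.
AAA_NO_DEFAULT = """\
aaa new-model
aaa authentication login aaa_auth local
line vty 0 4
 password vty2access
"""
AAA_LINE_LIST = """\
aaa new-model
aaa authentication login VTY_PW line
line vty 0 4
 password vty2access
 login authentication VTY_PW
"""
NO_AAA = """\
line vty 0 4
 password vty2access
 login
"""

def vty_login(config):
    """Return (list_name, methods) that decide how a Telnet login on the vty lines is checked."""
    aaa, lists, vty, in_vty = False, {}, [], False
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):        # any global command closes the line block
            in_vty = line.startswith("line vty")
        elif in_vty:
            vty.append(line)
        if line == "aaa new-model":
            aaa = True
        m = re.match(r"aaa authentication login (\S+) (.+)", line)
        if m:
            lists[m.group(1)] = m.group(2).split()
    if not aaa:                            # legacy mode: plain "login" checks the line password
        if "login local" in vty:
            return ("legacy", ["local"])
        return ("legacy", ["none"] if "no login" in vty else ["line"])
    # With AAA on, the vty uses the list named by "login authentication", else "default".
    applied = next((v.split()[2] for v in vty if v.startswith("login authentication ")), "default")
    if applied in lists:
        return (applied, lists[applied])
    # Assumption taken from the thread: an undefined default list means local usernames on vty.
    return (applied, ["local"] if applied == "default" else [])
```

Run against `AAA_NO_DEFAULT`, the named list `aaa_auth` is never consulted and the `vty2access` line password is ignored; only in `AAA_LINE_LIST`, where a list using the `line` method is applied to the vty, does the line password come back into play.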

