[c-nsp] Cisco 2611XM as console router
David Prall
dcp at dcptech.com
Mon Feb 6 22:58:32 EST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
For the async lines on the terminal server you can define a aaa profile that doesn't require login. This will bypass login for the async lines and only require the login to the console port on the connected router. It has been a while since I actually configured this, so I don't have a sample.
- --
David C Prall dcp at dcptech.com http://dcp.dcptech.com
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> Oliver Boehmer (oboehmer)
> Sent: Monday, February 06, 2006 8:01 AM
> To: Jee Kay; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] Cisco 2611XM as console router
>
> Jee Kay <> wrote on Monday, February 06, 2006 1:20 PM:
>
> > I've got a pair of 2611XMs (12.3(6f)) that we're using as console
> > routers.
> >
> > To authenticate to the routers, we are using SecurID tokens
> which only
> > change once a minute... soo, quite often what happens is you have to
> > log onto the router, 'connect <device>' which prompts you to
> > authenticate again, wait a minute to authenticate, get console of
> > <device>, wait a minute, authenticate again.
> >
> > What I was wondering is if there is a way to prevent the Cisco
> > requiring new authentication when you connect to the async lines? I
> > realise if you connect to a port directly from external you
> obviously
> > should still authenticate (telnet mgt-router 20xx), but if you are
> > connecting to the port _from the router itself_, is there a way to
> > skip that second auth request?
>
> I don't think there is a way to suppress the authentication when
> connecting to the async lines from within the router, but have you
> evaluated doing this on your AAA/T+ backend?
> You should be able to distinguish the local from the remote
> connections
> by looking at the rem_addr Tacacs+ attribute which contains the user's
> remote address, which is local to the router when connecting
> locally. By
> using a "ip telnet source-interface <interface>", you can make this a
> fixed address (no matter which destination the user uses)..
>
> Might not be a trivial task, not sure which T+ servers allow this kind
> of control..
>
> oli
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.4 (Build 4042)
iQEVAwUBQ+ga6IYwPzEDHVgLAQgL0gf/elapsysgg/gyTTcDUba0z0UMf0u4vG6y
Pe98PepFEGpve4Q3kO5XYkp/gM88c8bycOe/Gzl120UAG3SqMp/7Kvoe6TFO8a/3
Y3olbT7dn6trWPAOuENgcL2b3JTRWaO5oelJJVdK/NviGxgEwO8nK+nsjDaHM5nf
sbd+E7mGyFS+ewYiMYznLTI9oh6w5v1j50g0lSdlINebZKU170pXv3GEUjyhillX
NQLY/Rjabn5TIXJmWL+P6fPk26dJuLTh1SXn308L9UpVFb5xxXxjFJvY3weXeBLt
SvLzd9g0njORuk11gYYcl4nolTJGqaKaGyFhLZR/AJZv6KFuzQtYdA==
=gYiy
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list