Here are two questions that a lot of new Cisco engineers struggle with:
- Are passwords required on vty lines?
- How do you configure vty passwords?

Here we look at 4 options:
- Line passwords
- Local username passwords
- No login
- AAA

In the previous article I covered options 1 and 2. In this article I cover options 3 and 4.

No password (not recommended): It is possible to set up a router to allow vty connections without authentication. This is not a good idea for the real world, but in a lab environment it can save time.

    Router>enable
    Router#configure terminal
    Router(config)#line vty 0 4
    Router(config-line)#no login

Testing:

    C:>telnet 10.1.2.1
    Router>

Notice that no authentication was required. You are taken directly to user mode.

AAA servers: This is the most secure and scalable way of implementing authentication. This uses a central server where all usernames and passwords are stored. A Windows 2000/2003 server could be used, for example, so that users use the same passwords on Windows and on routers/switches.

    Router>enable
    Router#configure terminal
    Router(config)#aaa new-model
    Router(config)#aaa authentication login default group tacacs+
    Router(config)#line vty 0 4
    Router(config-line)#login authentication default

Testing:

    C:>telnet 10.1.2.1
    User Access Verification
    Username: david
    Password:
    Router>

More configuration would be required for AAA integration. Please look for my other articles explaining how to set up AAA authentication.

Conclusion: The most secure way to implement vty passwords is to use an AAA server. However, you may be required to implement other methods, hence the need to know about the 4 methods covered in my articles.
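
An added example, not part of the original article: a small Python check that reads a saved running-config and reports which of the four methods each vty block uses, so a lab-only `no login` that was left in place stands out. The config fragments are constructed, the function names are hypothetical, and classification looks only at the commands inside each `line vty` block.

```python
# Constructed running-config fragments (not captured from real devices).
LAB_CONFIG = """\
username david password constructed
line con 0
 password c0nsole
 login
line vty 0 4
 no login
line vty 5 10
 password constructed
 login
line vty 11 15
 login local
!
"""
AAA_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+
line vty 0 4
 login authentication default
!
"""

def classify_vty(config):
    """Map each 'line vty' range to the login method its block selects."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty "):
            current = raw[len("line "):].strip()
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other unindented line ends the vty block
    result = {}
    for name, cmds in blocks.items():
        if "no login" in cmds:
            result[name] = "none"            # option 3: no authentication
        elif any(c.startswith("login authentication") for c in cmds):
            result[name] = "aaa"             # option 4: AAA method list
        elif "login local" in cmds:
            result[name] = "local"           # option 2: local usernames
        elif "login" in cmds and any(c.startswith("password ") for c in cmds):
            result[name] = "line-password"   # option 1: line password
        else:
            result[name] = "unknown"
    return result

def unauthenticated_vty(config):
    """Return the vty ranges that accept sessions with no authentication."""
    return sorted(n for n, m in classify_vty(config).items() if m == "none")
```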