EasyManuals Logo
Home>Cisco>Network Router>ASR 5500

Cisco ASR 5500 System Administration Guide

Cisco ASR 5500
430 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #71 background imageLoading...
Page #71 background image
Disable AAA-based Authentication for Console
A noconsole keyword for the Global Configuration mode local-user allow-aaa-authentication command
disables AAA-based authentication on the Console line.
configure
local-user allow-aaa-authentication noconsole
exit
Since local-user authentication is always performed before AAA-based authentication and local-user
allow-aaa-authentication noconsole is enabled, the behavior is the same as if no local-user
allow-aaa-authentication is configured. There is no impact on vty lines.
This command does not apply for a Trusted build because the local-used database is unavailable.Important
Disable TACACS+ Authentication at the Context Level
When you enable aaa tacacs+ in the Global Configuration mode, TACACS+ authentication is automatically
applied to all contexts (local and non-local). In some network deployments you may wish to disable TACACS+
services for a specific context(s).
You can use the no aaa tacacs+ Context Configuration command to disable TACACS+ services within a
context.
configure
context ctx_name
no aaa tacacs+
Use the aaa tacacs+ Context Configuration command to enable TACACS+ services within a context where
it has been previously disabled.
AAA TACACS+ services must be enabled in the Global Configuration mode (all contexts) before you
can selectively disable the services at the context level. You cannot selectively enable TACACS+ services
at the context level when it has not been enabled globally.
Important
Limit local-user Login on Console/vty Lines
As a security administrator when you create a StarOS user you can specify whether that user can login through
the Console or vty line. The [ noconsole | novty ] keywords for the Global Configuration mode local-user
username command support these options.
configure
local-user username <username> [ noconsole | novty ]
exit
The noconsole keyword prevents the user from logging into the Console port. The novty keyword prevents
the user from logging in via an SSH or telnet session. If neither keyword is specified access to both Console
and vty lines is allowed.
ASR 5500 System Administration Guide, StarOS Release 21.5
45
System Settings
Disable AAA-based Authentication for Console

Table of Contents

Other manuals for Cisco ASR 5500

Preview: Administration Guide
Administration Guide508 pages
Preview: Installation Guide
Installation Guide192 pages
Preview: Installation Procedure Overview
Installation Procedure Overview6 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASR 5500 and is the answer not in the manual?

Cisco ASR 5500 Specifications

General IconGeneral
BrandCisco
ModelASR 5500
CategoryNetwork Router
LanguageEnglish

Related product manuals