

Vty Line Authentication

The system supports 20 virtual tty (vty) lines for Telnet, Secure Shell Server (SSH) and FTP services. Each Telnet, SSH, or FTP session requires one vty line. You can add security to your system by configuring the software to validate login requests. There are two modes of authentication for a vty line:

Configuring Simple Authentication

To configure simple authentication:

  1. Specify a vty line or a range of vty lines on which you want to enable the password.
host1(config)#line vty 8 13
host1(config-line)#
  2. Specify the password for the vty lines.
host1(config-line)#password 0 mypassword
  3. Enable login authentication on the lines.
host1(config-line)#login
  4. Display your vty line configuration.
host1#show line vty 8
no access-class in
data-character-bits 8
exec-timeout never
exec-banner enabled
motd-banner enabled
login-timeout 30 seconds 

    line

host1(config)#line vty 8 13

    login

host1(config-line)#login

    password



Note:
To use an encrypted password or a secret, you must follow the procedure in Setting Basic Password Parameters earlier in this chapter to obtain the encrypted password or secret. You cannot create your own encrypted password or secret; you must use a system-generated password or secret.

host1(config-line)#password 0 mypassword
host1(config-line)#password 5 bcA";+1aeJD8)/[1ZDP6 
host1(config-line)#password 7 dq]XG`,%N"SS7d}o)_?Y

    show line vty

host1#show line vty 0
no access-class in
data-character-bits 8
exec-timeout 3w 3d 7h 20m 0s
exec-banner enabled
motd-banner enabled
login-timeout 30 seconds 

Configuring AAA Authentication

Before you configure AAA authentication, you need to configure a RADIUS authentication server.

To configure AAA new model authentication for inbound sessions to vty lines on your system:

  1. Specify AAA new model authentication.
host1(config)#aaa new-model
  2. Create an authentication list that specifies the type(s) of authentication methods allowed.
host1(config)#aaa authentication login my_auth_list radius line none
  3. Specify the range of vty lines.
host1(config)#line vty 6 10
host1(config-line)#
  4. If you specified that a password is required in step 2, specify a password for the vty lines.
host1(config-line)#password xyz
  5. Apply the authentication list to the vty lines.
host1(config-line)#login authentication my_auth_list
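
The following Python function is an added example, not part of the original documentation or of any vendor tooling. It audits a transcript of the commands used in the simple and AAA procedures above and reports, for each of the 20 vty lines, missing login authentication, cleartext passwords, and method lists that rely on line or none. Assumptions: the input is a CLI transcript in the form shown on this page, a password entered without a type digit is cleartext, the none method means no authentication, and the names audit_vty and SAMPLE are hypothetical.

```python
import re

VTY_COUNT = 20  # the page states that the system supports 20 vty lines
PROMPT = re.compile(r"^\S+\(config(?:-line)?\)#\s*")
# Constructed sample transcript, reusing the command forms shown on this page.
SAMPLE = """host1(config)#aaa new-model
host1(config)#aaa authentication login my_auth_list radius line none
host1(config)#line vty 0 4
host1(config-line)#password 0 mypassword
host1(config-line)#login
host1(config)#line vty 6 10
host1(config-line)#login authentication my_auth_list"""

def audit_vty(transcript):
    """Return {vty line number: [findings]}; an empty list means no finding."""
    state = {n: {"login": None, "pw": None} for n in range(VTY_COUNT)}
    lists, current = {}, range(0)
    for raw in transcript.splitlines():
        cmd = PROMPT.sub("", raw.strip()).split()
        if cmd[:3] == ["aaa", "authentication", "login"] and len(cmd) > 4:
            lists[cmd[3]] = cmd[4:]  # list name -> ordered methods
        elif cmd[:2] == ["line", "vty"] and len(cmd) > 2:
            current = range(int(cmd[2]), min(int(cmd[-1]), VTY_COUNT - 1) + 1)
        elif cmd[:1] == ["password"] and len(cmd) > 1:
            # Assumption: a password typed without a type digit is cleartext.
            typed = len(cmd) > 2 and cmd[1] in ("0", "5", "7")
            for n in current:
                state[n]["pw"] = cmd[1] if typed else "0"
        elif cmd[:1] == ["login"]:
            # True = simple (line password) login; a string = AAA list name.
            mode = cmd[2] if len(cmd) == 3 and cmd[1] == "authentication" else True
            for n in current:
                state[n]["login"] = mode
    report = {}
    for n, s in state.items():
        login, pw = s["login"], s["pw"]
        aaa = isinstance(login, str)
        methods = lists.get(login, []) if aaa else []
        checks = [
            (login is None, "no login command applied"),
            (login is True and pw is None, "login enabled but no password set"),
            (aaa and login not in lists, "authentication list not defined"),
            (aaa and "line" in methods and pw is None, "line method but no password set"),
            # Assumption: the none method is read as "no authentication".
            (aaa and "none" in methods, "method list includes none"),
            (pw == "0", "password entered as cleartext (type 0)"),
        ]
        report[n] = [msg for hit, msg in checks if hit]
    return report
```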

    aaa authentication login

host1(config)#aaa authentication login my_auth_list radius line none

    aaa new-model

host1(config)#aaa new-model

    line

host1(config)#line vty 6 10

    login authentication

host1(config-line)#login authentication my_auth_list

    password



Note:
To use an encrypted password or a secret, you must follow the procedure in Setting Basic Password Parameters earlier in this chapter to obtain the encrypted password or secret. You cannot create your own encrypted password or secret; you must use a system-generated password or secret.

host1(config-line)#password 0 mypassword
host1(config-line)#password 5 bcA";+1aeJD8)/[1ZDP6 
host1(config-line)#password 7 dq]XG`,%N"SS7d}o)_?Y
