Question about TACACS and outbound line authentication

[rainman]

Hello,

I have configured a few of my Cisco devices for TACACS and this works properly with my Cisco ACS server. One thing I noticed though, is some of the routers that I configured TACACS on, when you access the device via SSH/telnet, it will prompt you for user/password no problem. My problem tho is some of these devices are routers with async blades (16/32port NM-based async blade) and when I try to use one of those lines, I get prompted AGAIN for authentication. It seems that since I configured TACACS, i get prompted to log into my router, then prompted AGAIN on the way out of the line. Is there a way around this? I dont have a reason to authenticate when going out a terminal line on a router.


Thanks,

Rainman

 

[BuckWeet]

you should be able to go under the line and do 'no login'

you also want to do 'no exec' so that when/if someone comes in from the outbound line, it won't give them a cli prompt.

 

[rainman]

BuckWeet

That command "no login" is not valid under the line configuration. I also tried "no login authentication", and taht command IS valid but it doesn't actually stop prompting AAA when you exit the line. Any other thoughts?


-Rainman

 

[BuckWeet]

okay..

well here's another thing to try..

do like:

aaa authentication login noauth none
!
line x
login authentication