Here is my understanding: You are on the console and in enable mode. You want to access the root view. You type the following:

R7#enable view
R7#
Apr 8 17:32:12.592: %AAA-6-USER_BLOCKED: Enable view requires to be authenticated by non-none methods,Please use the appropriate method with the login authentication
R7#

OK, so now I think I see what you are asking. I also tested it on my Router. It does appear that you must have an authentication method other than none to get back into the root view. In the workbook I don't think you are ever asked to exit, nor does the verification exit. I'll look into it a little more though.

Regards,

Brandon Carroll - CCIE #23837
Senior Technical Instructor - IPexpert
Mailto: [email protected]
Telephone: +1.810.326.1444
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com

On Apr 8, 2010, at 10:10 AM, Terry Little (terlittl) wrote:

> So does this mean that the solution guide needs to be changed for the “aaa authen default login” to be correct or is it a correct solution to the problem since the problem only refers to radius authentication?
>
> Terry Little
> (425) 894-4109 (m)
> (425) 468-1057 (o)
>
> From: Brandon Carroll [mailto:[email protected]]
> Sent: Thursday, April 08, 2010 10:08 AM
> To: Terry Little (terlittl)
> Cc: CCIE Sec
> Subject: Re: [OSL | CCIE_Security] Role based Authentication (vol 1, sec 5.7)
>
> That's correct. It's because of the way that IOS associates a view name to a user, in this case the view called root. You have to have a method other than none for it to authenticate the user and tie you to a view.
>
> View Authentication via a New AAA Attribute
> View authentication is performed by an external authentication, authorization, and accounting (AAA) server via the new attribute "cli-view-name."
> AAA authentication associates only one view name to a particular user; that is, only one view name can be configured for a user in an authentication server.
>
> Regards,
>
> Brandon Carroll - CCIE #23837
> Senior Technical Instructor - IPexpert
>
> On Apr 8, 2010, at 9:56 AM, Terry Little (terlittl) wrote:
>
> Second Try…..
>
> Just looking for clarification on the use of the root view.
>
> When I config as shown in the solution guide I can get back into root view if I exit out (on the console). I get the error:
>
> Apr 8 12:41:08.354: %AAA-6-USER_BLOCKED: Enable view requires to be authenticated by non-none methods, Please use the appropriate method with the login authentication
>
> If I change the login default to enable instead of none, then it works using the enable password. If I change to local then I can log in using a local user and then use the enable password to access the root view.
>
> Is this expected behavior? The solution guide does not show logging out of the root view on the console and then reentering the root view?
>
> Terry Little
> [email protected]
> Phone: +1 425 468 1057
> Mobile: +1 425 894 4109
>
> Cisco Systems, Inc.
> Network Consulting Engineer
> World Wide Security Services Practice
> Cisco.com - http://www.cisco.com
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
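
The console case from this thread, as an added example (not part of the original messages or of any IPexpert material): a small Python check that reads an IOS configuration and reports which `line` stanzas authenticate logins through a method list containing only `none`, the condition the thread ties to the refused `enable view`. The sample configuration, the list names CONSOLE and VTY, and the status labels are constructed for illustration.

```python
import re

# Constructed sample configuration (not taken from the thread).
SAMPLE = """\
aaa new-model
aaa authentication login default none
aaa authentication login CONSOLE local
aaa authentication login VTY group radius local
!
line con 0
line aux 0
 login authentication CONSOLE
line vty 0 4
 login authentication VTY
"""

LIST_RE = re.compile(r"^aaa authentication login (\S+) (.+)$")
APPLY_RE = re.compile(r"^\s+login authentication (\S+)")

def audit_lines(config):
    """Return {line: (method_list, status)} for each 'line ...' stanza."""
    rows = config.splitlines()
    if "aaa new-model" not in [r.strip() for r in rows]:
        return {}  # method lists only apply once AAA is enabled
    lists = {}
    for r in rows:
        m = LIST_RE.match(r.strip())
        if m:
            lists[m.group(1)] = m.group(2).split()
    applied, current = {}, None
    for r in rows:
        if r.startswith("line "):
            current = r[5:].strip()
            applied[current] = "default"  # used unless the stanza names a list
        elif current and r.startswith(" "):
            m = APPLY_RE.match(r)
            if m:
                applied[current] = m.group(1)
        else:
            current = None  # left the stanza
    report = {}
    for line, name in applied.items():
        methods = lists.get(name)
        # "none-only" is the case the thread ties to %AAA-6-USER_BLOCKED
        status = ("undefined" if methods is None
                  else "none-only" if methods == ["none"]
                  else "has-non-none")
        report[line] = (name, status)
    return report
```

On the sample, `audit_lines(SAMPLE)` marks `con 0` as `none-only` because it falls back to the default list; changing that list to `enable` or `local`, as described in the thread, moves it to `has-non-none`.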
