Spot on. For me this is a case of knowing how to deal with the issue, but not being sure I should deal with the issue (on the test specifically).
Terry Little
(425) 894-4109 (m)
(425) 468-1057 (o)

From: Brandon Carroll [mailto:[email protected]]
Sent: Thursday, April 08, 2010 10:28 AM
To: Terry Little (terlittl)
Cc: CCIE Sec
Subject: Re: [OSL | CCIE_Security] Role based Authentication (vol 1, sec 5.7)

Here is my understanding: You are on the console and in enable mode. You want to access the root view. You type the following:

    R7#enable view
    R7#
    Apr 8 17:32:12.592: %AAA-6-USER_BLOCKED: Enable view requires to be authenticated by non-none methods,Please use the appropriate method with the login authentication
    R7#

OK, so now I think I see what you are asking. I also tested it on my router. It does appear that you must have an authentication method other than none to get back into the root view. In the workbook I don't think you are ever asked to exit, nor does the verification exit. I'll look into it a little more though.

Regards,
Brandon Carroll - CCIE #23837
Senior Technical Instructor - IPexpert
Mailto: [email protected]
Telephone: +1.810.326.1444
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com

On Apr 8, 2010, at 10:10 AM, Terry Little (terlittl) wrote:

So does this mean that the solution guide needs to be changed for the "aaa authen default login" to be correct, or is it a correct solution to the problem since the problem only refers to radius authentication?

Terry Little

From: Brandon Carroll [mailto:[email protected]]
Sent: Thursday, April 08, 2010 10:08 AM
To: Terry Little (terlittl)
Cc: CCIE Sec
Subject: Re: [OSL | CCIE_Security] Role based Authentication (vol 1, sec 5.7)

That's correct. It's because of the way that IOS associates a view name to a user, in this case the view called root. You have to have a method other than none for it to authenticate the user and tie you to a view.

View Authentication via a New AAA Attribute

View authentication is performed by an external authentication, authorization, and accounting (AAA) server via the new attribute "cli-view-name." AAA authentication associates only one view name to a particular user; that is, only one view name can be configured for a user in an authentication server.

Regards,
Brandon Carroll - CCIE #23837

On Apr 8, 2010, at 9:56 AM, Terry Little (terlittl) wrote:

Second Try.....

Just looking for clarification on the use of the root view. When I config as shown in the solution guide I can get back into root view if I exit out (on the console). I get the error:

    Apr 8 12:41:08.354: %AAA-6-USER_BLOCKED: Enable view requires to be authenticated by non-none methods, Please use the appropriate method with the login authentication

If I change the login default to enable instead of none, then it works using the enable password.

If I change to local then I can log in using a local user and then use the enable password to access the root view. Is this expected behavior? The solution guide does not show logging out of the root view on the console and then reentering the root view?

Terry Little
[email protected]
Phone: +1 425 468 1057
Mobile: +1 425 894 4109
Cisco Systems, Inc.
Network Consulting Engineer
World Wide Security Services Practice
Cisco.com - http://www.cisco.com

This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. For corporate legal information go to: http://www.cisco.com/web/about/doing_business/legal/cri/index.html

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
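
The behaviour discussed in this thread, as an added IOS configuration sketch (not taken from the workbook, the solution guide or any of the posts): the "none" login method that leads to %AAA-6-USER_BLOCKED, beside the two alternatives the thread reports as working. The username and both secrets are placeholders, and only one of the three login lines would be active at a time.

```cisco
! Added example: constructed lab configuration, placeholders in <...>.
aaa new-model
!
! Setting discussed in the thread. The console session is admitted without
! being authenticated, so a later "enable view" is refused with
! %AAA-6-USER_BLOCKED (non-none method required).
! aaa authentication login default none
!
! Alternative 1 (reported working in the thread): authenticate the login
! against the local user database. After logging in as the local user,
! "enable view" prompts for the enable password and enters the root view.
aaa authentication login default local
username <LAB-USER> secret <LAB-USER-SECRET>
!
! Alternative 2 (also reported working): authenticate the login with the
! enable password itself.
! aaa authentication login default enable
!
! The root view is entered with the enable password/secret, so one must exist.
enable secret <ENABLE-SECRET>
!
! Check from a fresh console session:
!   R7>enable
!   R7#enable view
!   R7#show parser view
```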
