1 Reply. Latest reply: May 8, 2011 9:03 AM by Keith Barker - CCIE RS/Security, CISSP

    Facing problem with Role-based CLI Views for enhanced security

    Nirav Bhatt

      Hi All,


      I have two routers (R1 & R2) connected point-to-point over Ethernet. The connection is established correctly. Ping, telnet, everything is working fine. But I am facing a few problems. All CLI views are created on R2 only. R1 is configured with only line vty for telnet from R2 to R1, and all other normal configuration is done.


      Problem 1: When I telnet from R1 to R2, it asks for a username and password instead of asking for just a password, even though I have not configured any command on R2 with login local on line vty. I haven't even configured any username <name> password <password> command on R2. I have just configured the password <password> command on line vty, then the login command, and exited. Why does it ask for a username and password for telnet? I feel that for creating CLI views, I need to configure the aaa new-model command, and that's why it asks for a username and password instead of asking for just a password. If this is the case, what are the suggested/recommended steps? Please guide me.


      Problem 2: When I telnet and try to enter any particular CLI view which I have created on R2, it asks for a password. That is correct. But when I am on R2, I exit out completely from R2, and then I again try to enter R2 with enable view <view_name>, it doesn't ask me for the password and enters with that view's privileges, even though I have already set a password for that view. The password for that view is even visible in show running-config in encrypted form. Can anybody guide me on what the resolution could be, or offer any suggestion?


      Or, if I am wrong at any point, please correct me.


      Thanks in advance.