ACS Banner (TACACS)

Unanswered Question
Feb 3rd, 2009
User Badges:

Is there anywhere in Cisco ACS (3.3) where I can set a central Banner message, or a custom login prompt?

I would like to know when I get a login prompt if it is going to authenticate via TACACS or using the local db.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jagdeep Gambhir Tue, 02/03/2009 - 10:59
User Badges:
  • Red, 2250 points or more

aaa authentication fail-message ^C

aaa authentication password-prompt "Enter local password:"

aaa authentication username-prompt TACISDOWN



Regards,

~JG


Do rate helpful posts

random_camden Tue, 02/03/2009 - 11:24
User Badges:

Thanks JG.

I can see how that works for failures, but is there any way to set it on the ACS server for if TACACS is available?


Neil

Jagdeep Gambhir Tue, 02/03/2009 - 11:48
User Badges:
  • Red, 2250 points or more

Neil,

That you can set up on router itself by this command

=======================

aaa authentication fail-message ^

TACACS Password Incorrect^


When tacacs is available and you issue wrong password ---> It will prompt TACACS password Incorrect.



====================



aaa authentication username-prompt TACISDOWN


IF tacacs is down--->It will prompt tacacsdown.


You will use local password

======================



I don't think we can set it up on acs.


Regards,

~JG






random_camden Tue, 02/03/2009 - 12:03
User Badges:

Thanks again JG

An ACS solution would be neater, as I have 10,000+ devices to configure, but at least this will give the end result!


Neil


darpotter Wed, 02/04/2009 - 00:47
User Badges:
  • Silver, 250 points or more

I did some googling on this and was horrified to not find anything. RADIUS has the Reply-Message attribute that can do exactly this.


I guess you could to use Cisco Works to push the prompt command out to every device?

Actions

This Discussion