Unanswered Question
Feb 3rd, 2009
User Badges:

Is there anywhere in Cisco ACS (3.3) where I can set a central Banner message, or a custom login prompt?

I would like to know when I get a login prompt if it is going to authenticate via TACACS or using the local db.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jagdeep Gambhir Tue, 02/03/2009 - 10:59
User Badges:
  • Red, 2250 points or more

aaa authentication fail-message ^C

aaa authentication password-prompt "Enter local password:"

aaa authentication username-prompt TACISDOWN



Do rate helpful posts

random_camden Tue, 02/03/2009 - 11:24
User Badges:

Thanks JG.

I can see how that works for failures, but is there any way to set it on the ACS server for if TACACS is available?


Jagdeep Gambhir Tue, 02/03/2009 - 11:48
User Badges:
  • Red, 2250 points or more


That you can set up on router itself by this command


aaa authentication fail-message ^

TACACS Password Incorrect^

When tacacs is available and you issue wrong password ---> It will prompt TACACS password Incorrect.


aaa authentication username-prompt TACISDOWN

IF tacacs is down--->It will prompt tacacsdown.

You will use local password


I don't think we can set it up on acs.



random_camden Tue, 02/03/2009 - 12:03
User Badges:

Thanks again JG

An ACS solution would be neater, as I have 10,000+ devices to configure, but at least this will give the end result!


darpotter Wed, 02/04/2009 - 00:47
User Badges:
  • Silver, 250 points or more

I did some googling on this and was horrified to not find anything. RADIUS has the Reply-Message attribute that can do exactly this.

I guess you could to use Cisco Works to push the prompt command out to every device?


This Discussion