ACS Banner (TACACS)

random_camden · ‎02-03-2009

Is there anywhere in Cisco ACS (3.3) where I can set a central Banner message, or a custom login prompt?

I would like to know when I get a login prompt if it is going to authenticate via TACACS or using the local db.

Jagdeep Gambhir · ‎02-03-2009

aaa authentication fail-message ^C

aaa authentication password-prompt "Enter local password:"

aaa authentication username-prompt TACISDOWN

Regards,

~JG

Do rate helpful posts

random_camden · ‎02-03-2009

Thanks JG.

I can see how that works for failures, but is there any way to set it on the ACS server for if TACACS is available?

Neil

Jagdeep Gambhir · ‎02-03-2009

Neil,

That you can set up on router itself by this command

=======================

aaa authentication fail-message ^

TACACS Password Incorrect^

When tacacs is available and you issue wrong password ---> It will prompt TACACS password Incorrect.

====================

aaa authentication username-prompt TACISDOWN

IF tacacs is down--->It will prompt tacacsdown.

You will use local password

======================

I don't think we can set it up on acs.

Regards,

~JG

random_camden · ‎02-03-2009

Thanks again JG

An ACS solution would be neater, as I have 10,000+ devices to configure, but at least this will give the end result!

Neil

darpotter · ‎02-04-2009

I did some googling on this and was horrified to not find anything. RADIUS has the Reply-Message attribute that can do exactly this.

I guess you could to use Cisco Works to push the prompt command out to every device?