I have an ACS 5.4 server deployed to provide TACACS+ AAA authentication to network devices for the network admins. Under System Administration / Configuration / Global System Options / TACACS+ Settings I have configured a custom username and password prompt.
This works fine but on one particular device it does not work when I use SSH to get CLI admin access to the device. When I use telnet the custom prompts are all presented fine.
The device in question is a C3750-24TS-S running c3750-ipservicesk9-mz.122-40.SE.bin
This has got me scratching my head. Has anyone come across any similar situations?
Thanks for the response. I don't think that this is the issue though. I have another device that I authenticate to via the same ACS platform. I use SSH v2 to connect to it (the same as the problematic C3750) and the device presents me with the ACS customised prompt just fine.
Looking at the authentication logs on the ACS for the problematic c3750 it clearly states that the ACS custom login prompt is to be used. The prompt does not appear on the device CLI though.
Hi Ed. Happy New Year. Here's the show ver output from the problematic switch...
uptime is 32 weeks, 4 days, 14 hours, 28 minutes
System returned to ROM by power-on
System restarted at 19:14:00 BST Sat May 18 2013
System image file is "flash:c3750-ipservicesk9-mz.122-40.SE.bin"
This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.
If you require further assistance please contact us by sending email to firstname.lastname@example.org.
cisco WS-C3750-24TS (PowerPC405) processor (revision U0) with 118784K/12280K bytes of memory.
Processor board ID FDO1425X41Q
Last reset from power-on
2 Virtual Ethernet interfaces
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : A8:B1:D4:67:91:80
Motherboard assembly number     : 73-9677-15
Power supply part number        : 341-0034-01
Motherboard serial number       : FDO14230875
Power supply serial number      : DTH1403107E
Model revision number           : U0
Motherboard revision number     : A0
Model number                    : WS-C3750-24TS-S
System serial number            : FDO1425X41Q
Top Assembly Part Number        : 800-25857-07
Top Assembly Revision Number    : A0
Version ID                      : V10
CLEI Code Number                : COMAG10BRA
Hardware Board Revision Number  : 0x01

Switch Ports Model              SW Version            SW Image
------ ----- -----              ----------            ----------
*    1 26    WS-C3750-24TS      12.2(40)SE            C3750-IPSERVICESK9-M