I got a Cisco 3661 router, a ACS server and a ACE server installed in different boxes. An ACE client has been installed in the same box as ACS server. There is an AAA authentication configured on the Cisco 3661 router with TACACS+ authentication method pointing to ACS server. Users of ACS have been configured with RSA Token Server as authentication server. Token users have been configured with Next TokenCode mode on after five incorrect attempts. When I type the password correctly during Next TokenCode mode, I get a message somthing like "Enter Next PASSCODE", but then the router prompts me username again. From the router debug message, it is found that the router treats it as a fail attempt. May I ask how can I handle Next Token Code mode for user telnet to routers?
Check the absolute timeout in the Router and also the uauth timer of the aaa.
It is probable that it is a timer issue. You could increase the timeout values.
The New PIN and Next Tokencode functions, depends on all components in the authentication path. For example, dial-up users must typically use a terminal window after dial-up to gain this full functionality.
I would advise you to check the details of the method of access that would be required to avail the Next token facility...
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :