Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Next Token Code

Hi there,

I got a Cisco 3661 router, a ACS server and a ACE server installed in different boxes. An ACE client has been installed in the same box as ACS server. There is an AAA authentication configured on the Cisco 3661 router with TACACS+ authentication method pointing to ACS server. Users of ACS have been configured with RSA Token Server as authentication server. Token users have been configured with Next TokenCode mode on after five incorrect attempts. When I type the password correctly during Next TokenCode mode, I get a message somthing like "Enter Next PASSCODE", but then the router prompts me username again. From the router debug message, it is found that the router treats it as a fail attempt. May I ask how can I handle Next Token Code mode for user telnet to routers?

many thanks

David

1 REPLY
Bronze

Re: Next Token Code

Check the absolute timeout in the Router and also the uauth timer of the aaa.

It is probable that it is a timer issue. You could increase the timeout values.

The New PIN and Next Tokencode functions, depends on all components in the authentication path. For example, dial-up users must typically use a terminal window after dial-up to gain this full functionality.

I would advise you to check the details of the method of access that would be required to avail the Next token facility...

Also refer:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb0b5.html

377
Views
0
Helpful
1
Replies
CreatePlease to create content