Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Legal Banner for PPP dialup at logon not working correctly

I am trying to use the "aaa authentication banner" IOS command to

pop up a window that the user clicks ok to, that warns of the legal

ramifications of using our computer systems. I entered the "aaa

authentication banner" command with the warning but it only works with

telnet not my ppp dialup connections. We have the Cisco Secure Access server using TACACS+ for our AAA. I also have a "banner login" command in my Cisco 3640 router.

I noticed that under Microsoft OS dialup networking security options one of

them is to bring up a terminal window ("show terminal window"). This does

display the legal banner message but it request the user to login directly

into the Cisco 3640 (This request to the user from the Cisco 3640 is

confusing). If the user clicks "Done" then everything works fine, the

connection is authenticated with the Cisco Secure Server and the PPP

connection is completed. But if the user enters his/her username and

password (now for the second time) it attempts to log him/her into the Cisco

3640 --- which is what I do not want. We are using TACACS+ and I have all

general users prohibited from login to the Cisco 3640 like we want. Is

their any way to use the terminal window without prompting the user to login

directly to the Cisco 3640 ? Or can the username: and password: prompts be

blanked out ? Any other solutions ?


Re: Legal Banner for PPP dialup at logon not working correctly

"aaa authen banner" command does not do what you think it might. Pushing out banners or any character-mode data to packet-mode PPP is not an option. I believe

doing it via async mode interactive is the only chance but thats not ofcourse too attractive. I am not sure if username: and password: prompts could be blanked out.