Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

ASA Telnet Admin Session Password Change via TACACS

 

Introduction

This procedure will explain how to change the password for a telnet admin session on the ASA platform using Cisco ACS TACACS server.

Note: Password change for SSH and ASDM admin sessions are not supported.

 

Configuration on ASA

 

1. Define the TACACS aaa-server

5580-20-1(config)# show runn aaa-server TACACS17
aaa-server TACACS17 protocol tacacs+ 
aaa-server TACACS17 (inside) host 10.148.1.17 
key cisco 
5580-20-1(config)#

 

2. Define the administrative authentication type for telnet

5580-20-1(config)# show runn aaa     
aaa authentication telnet console TACACS17 
5580-20-1(config)#

 

ACS/TACACS server Configuration

 

1. Under Interface-TACSACS(Cisco IOS) go to Advanced Configuration Options


2. Check the Advanced TACACS+ Feautures option

Tacacs1.gif


3. Under Group go to Password Aging Rules section and check Apply password change rule

Tacacs_2.gif


4. Under User go to TACACS+ Enable PAssword secion and check Use Cisco PAP Password

Tacacs3.gif


5. Under System Configuration select Local Password Management and set a proper policy

Tacacs4.gif

 

Telnet Session Password Change

 

Here is the expected behavior.

Tacacs5.gif

 

Syslogs for exchange

 

%ASA-6-113010: AAA challenge received for user telnet1 from server mcs-ibm3.
%ASA-6-113004: AAA user authentication Successful : server =  mcs-ibm3 : user = telnet1
6214
Views
5
Helpful
0
Comments