cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1069
Views
0
Helpful
2
Replies
Calin C.
Contributor

AAA and authentication banner

Hello all.

I have the following configuration:

aaa new-model

!

aaa authentication banner ^

*******************************************************

* Display this if TACACS is not reachable        *

*******************************************************

^

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ local

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

!

tacacs-server host 1.1.1.1

tacacs-server key aabb123

This configuration is running fine on all 12.x IOS versions that I have. The idea is that when TACACS is not available, the authentication banner is displayed. This is confirmed also in the documentation:

http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/srfathen.html#wp1052969

The AAA authentication banner message is not displayed if TACACS+ is the first method in the method list.

Now, with the release of 15.x, beside the fact that it's announcing tacacs-server host command to be deprecated, the authentication banner appear all the time, not matter of TACACS reachability.

Anybody has the same issue? Do you know if this functionality, as explained in 12.x IOS, is removed and the banner will appear for all login?

Thank you!

2 REPLIES 2
bforan
Beginner

I am having the same problem, did you ever get this resolved?

Hello,

I did not solve this problem, but apparently this is not a problem as this feature is not supporte anymore in the newer IOS releases.

Cheers,

Calin

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube