Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1260
Views
0
Helpful
2
Replies

AAA and authentication banner

Calin C.
Level 5
Level 5

‎02-20-2013 07:31 AM - edited ‎03-10-2019 08:06 PM

Hello all.

I have the following configuration:

aaa new-model

!

aaa authentication banner ^

*******************************************************

* Display this if TACACS is not reachable        *

*******************************************************

^

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ local

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

!

tacacs-server host 1.1.1.1

tacacs-server key aabb123

This configuration is running fine on all 12.x IOS versions that I have. The idea is that when TACACS is not available, the authentication banner is displayed. This is confirmed also in the documentation:

http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/srfathen.html#wp1052969

The AAA authentication banner message is not displayed if TACACS+ is the first method in the method list.

Now, with the release of 15.x, beside the fact that it's announcing tacacs-server host command to be deprecated, the authentication banner appear all the time, not matter of TACACS reachability.

Anybody has the same issue? Do you know if this functionality, as explained in 12.x IOS, is removed and the banner will appear for all login?

Thank you!

Labels:
0 Helpful
2 Replies 2

bforan
Level 1
Level 1

‎07-02-2013 10:13 AM

I am having the same problem, did you ever get this resolved?

0 Helpful

Calin C.
Level 5
Level 5
In response to bforan

‎07-02-2013 11:46 PM

Hello,

I did not solve this problem, but apparently this is not a problem as this feature is not supporte anymore in the newer IOS releases.

Cheers,

Calin

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents