02-20-2013 07:31 AM - edited 03-10-2019 08:06 PM
Hello all.
I have the following configuration:
aaa new-model
!
aaa authentication banner ^
*******************************************************
* Display this if TACACS is not reachable *
*******************************************************
^
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
tacacs-server host 1.1.1.1
tacacs-server key aabb123
This configuration is running fine on all 12.x IOS versions that I have. The idea is that when TACACS is not available, the authentication banner is displayed. This is confirmed also in the documentation:
http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/srfathen.html#wp1052969
The AAA authentication banner message is not displayed if TACACS+ is the first method in the method list.
Now, with the release of 15.x, beside the fact that it's announcing tacacs-server host command to be deprecated, the authentication banner appear all the time, not matter of TACACS reachability.
Anybody has the same issue? Do you know if this functionality, as explained in 12.x IOS, is removed and the banner will appear for all login?
Thank you!
07-02-2013 10:13 AM
I am having the same problem, did you ever get this resolved?
07-02-2013 11:46 PM
Hello,
I did not solve this problem, but apparently this is not a problem as this feature is not supporte anymore in the newer IOS releases.
Cheers,
Calin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide