AAA authentication banner

prekojo · ‎12-03-2008

I configured my 3750 switches to use the "aaa authentication banner" command and I setup a custom banner. If the ACS server is online I don't see this custom banner. If I disconnect the Cisco ACS server from the network forcing local authentication, the banner is displayed. The "aaa authentication fail-message" works perfectly all the time. Why is the aaa authentication banner not being displayed?

Thanks for the help.

Joe

cisco24x7 · ‎12-03-2008

Look like your platform does not support aaa

authentication banner:

The following platforms support login banners for AAA authentication:

â€¢Cisco 1003, Cisco 1004, Cisco 1005

â€¢Cisco 2500 series

â€¢Cisco 3000/IGS

â€¢Cisco 4000 series (Cisco 4000, 4000-M, 4500, 4500-M, 4700, 4700-M)

â€¢Cisco AS5200 series

â€¢Cisco AS5300

â€¢Cisco 7000 series

â€¢Cisco 7200 series

â€¢Cisco 7500 series

That being said, it is not working on the

Cisco VXR7204 either.

prekojo · ‎12-03-2008

Thanks for the information. Could you please tell me where you found this information?

Thanks

Joe

cisco24x7 · ‎12-03-2008

http://www.cisco.com/en/US/docs/ios/11_3/feature/guide/banner.html

andrew.burns · ‎12-04-2008

Hi,

That link is out of date as it refers to IOS version 11.3 - the feature really is supported (which can be checked using the feature navigator).

The original question refers to the feature not working as expected - not whether it's supported or not. If we check the command reference we can see a note as follows:

The AAA authentication banner message is not displayed if TACACS+ is the first method in the method list.

I suspect this might be why it isn't working as expected. If so, a message of the day banner might be a better solution. (Using the banner motd command.)

HTH

Andrew.

prekojo · ‎12-04-2008

Thanks for the info. I am glad I finally understand why this is not working that way I thought it would.