AAA Fallback Username and Password prompt

anthonykahwati · ‎08-09-2012

Hello

Is there a way to configure a switch to change the login prompt if the Radius / TACACS server is not responding? e.g.

AAA Server is responding:

Username:

Password:

AAA Server not responding:

Fallback_Username:

Fallback_Password:

Many thanks

Anthony

Karsten Iwen · ‎08-09-2012

Yes that's possible:

aaa authentication password-prompt "Fallback_Password:"

aaa authentication username-prompt "Fallback_Username:"

http://www.cisco.com/en/US/partner/docs/ios/security/command/reference/sec_a1.html#wp1060150

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

anthonykahwati · ‎08-09-2012

Thanks Karsten

I have tried this already but it changes the prompt for all the time. Is there a way for it to prompt you in one way for when the aaa server is reachable, but then another when it is not?

Thanks

Anthony

Karsten Iwen · ‎08-09-2012

Are you using RADIUS? For TACACS+ the prompt doesn't get overwritten.

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

anthonykahwati · ‎08-09-2012

Hi, yes, using RADIUS. We plan to go to Cisco ISE, but that does not support TACACS+ yet so seeing if RADIUS will be suitable for us in the meantime..... just trying to do as much various configs as possible.