

ACS | How to stop unknown users password reset option on Routers and Switches?


I have recently come across an issue with ACS/AAA. Still not sure what is causing the issue. 

Before I get to the issue, I would like to add some information about how we authenticate users to log on to network devices.

We use ACS to authenticate the login users. ACS will authenticate allowed AD users. We enable TACACS and AAA config on the network device.

Now the issue is: when we log in with a username and press Enter without a password, the CLI gives us an option to reset the password by prompting us to input the old password and then the new password.

The password reset option is working for the allowed users. But when I enter a username which doesn't exist, the password reset option is still being shown. Attached an image FYI.

I need to fix this issue. Network devices should not be giving an option to reset for unknown usernames when TACACS-based auth is used.

Thank you, 
