cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
757
Views
9
Helpful
4
Replies

Authentication Failure Logging on Tacacs

KeithN123
Level 1
Level 1

Hi all,

We have a tacacs server (v3.3) which seems to be showing some strange characterisitics. If we look at the authentication failure logs on the ACS it shows what appears to be the Login Banner as well as attempted commands in the "Username" field. How is this possible? if the user has failed to authenticate, shouldn't it just show the name of the user?

regards

Keith

1 Accepted Solution

Accepted Solutions

Yes, this will have the same effect. Here is the example config to fix these kind of issues.

conf t

line aux 0

session time-out 20 ! The session times out after 20 minutes of inactivity.

no motd-banner ! disable the MOTD banner for reverse Telnet sessions

no exec

exec-timeout 0 0

Regards,

Jagdeep

View solution in original post

4 Replies 4

Jagdeep Gambhir
Level 10
Level 10

Keith,

If you have any modem or terminal server connected to this device for out of band management?

In these type of issues the problem is with the modem or term ser. It echo's back exec information from the console. The console interprets these message as login requests. This is extremely common. If that is the case then we need to reconfigure modem or term server, so that it does not echo.

If it's an IOS terminal server, the "no exec" command resolves the issue. If it is a modem, it must be reconfigured so that it no longer echoes.

Hope that helps !

Regards,

Jagdeep

Jagdeep

I had a feeling it was something like this. We don't actually have a modem connected, what we have is a pair of routers with the aux port of one router connected to the console port of the other - the idea being that we could reverse telnet into the console port....I am actually seeing lots of noise onthe aux and console lines ....would this have the same effect ?

Yes, this will have the same effect. Here is the example config to fix these kind of issues.

conf t

line aux 0

session time-out 20 ! The session times out after 20 minutes of inactivity.

no motd-banner ! disable the MOTD banner for reverse Telnet sessions

no exec

exec-timeout 0 0

Regards,

Jagdeep

Many rhanks Jagdeep. This has resolved our problems.

regards

Keith