09-14-2018 08:34 AM
I always change the password prompt in ISE for TACACS to "AD Password:" to signal to the network admin that TACACS is working. Older IOS versions don't respect the password prompt change and neither do Nexus switches. Has anyone gotten password prompt change via TACACS to work on Nexus?
Solved! Go to Solution.
10-25-2018 07:10 PM - edited 10-25-2018 07:11 PM
tomz.pl - Cisco AAA (TACACS) configuration on: IOS/NXOS/XR shows that the two configuration commands are IOS only:
aaa authentication password-prompt "LOCAL Password: "
aaa authentication username-prompt "LOCAL Username: "
And, Identifying TACACS+ failure « ipSpace.net blog clarifies that
... SSH does not pass authentication prompts between the server and the client (all prompting is done locally in the client)....
10-21-2018 04:15 PM
It's not working for me, either. With CSR1Kv (running IOS-XE 03.17.03.S), I see the prompt change only with Telnet but not SSH. In addition, I am unable to find any support for the feature "message banners for AAA authentication" on my test network devices.
10-25-2018 07:10 PM - edited 10-25-2018 07:11 PM
tomz.pl - Cisco AAA (TACACS) configuration on: IOS/NXOS/XR shows that the two configuration commands are IOS only:
aaa authentication password-prompt "LOCAL Password: "
aaa authentication username-prompt "LOCAL Username: "
And, Identifying TACACS+ failure « ipSpace.net blog clarifies that
... SSH does not pass authentication prompts between the server and the client (all prompting is done locally in the client)....
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide