Solved: Re: Changing Password Prompt on Nexus via TACACS

paul · ‎09-14-2018

I always change the password prompt in ISE for TACACS to "AD Password:" to signal to the network admin that TACACS is working. Older IOS versions don't respect the password prompt change and neither do Nexus switches. Has anyone gotten password prompt change via TACACS to work on Nexus?

hslai · ‎10-25-2018

tomz.pl - Cisco AAA (TACACS) configuration on: IOS/NXOS/XR shows that the two configuration commands are IOS only:

aaa authentication password-prompt "LOCAL Password: "
aaa authentication username-prompt "LOCAL Username: "

And, Identifying TACACS+ failure « ipSpace.net blog clarifies that

... SSH does not pass authentication prompts between the server and the client (all prompting is done locally in the client)....

View solution in original post

hslai · ‎10-21-2018

It's not working for me, either. With CSR1Kv (running IOS-XE 03.17.03.S), I see the prompt change only with Telnet but not SSH. In addition, I am unable to find any support for the feature "message banners for AAA authentication" on my test network devices.

hslai · ‎10-25-2018

tomz.pl - Cisco AAA (TACACS) configuration on: IOS/NXOS/XR shows that the two configuration commands are IOS only:

aaa authentication password-prompt "LOCAL Password: "
aaa authentication username-prompt "LOCAL Username: "

And, Identifying TACACS+ failure « ipSpace.net blog clarifies that

... SSH does not pass authentication prompts between the server and the client (all prompting is done locally in the client)....