Introduction
This procedure explains how to change the password of a telnet admin session on the ASA platform using a Cisco ACS TACACS+ server.
Note: Password change for SSH and ASDM admin sessions is not supported.
Configuration on ASA
1. Define the TACACS aaa-server
5580-20-1(config)# show runn aaa-server TACACS17
aaa-server TACACS17 protocol tacacs+
aaa-server TACACS17 (inside) host 10.148.1.17
key cisco
5580-20-1(config)#
2. Define the administrative authentication type for telnet
5580-20-1(config)# show runn aaa
aaa authentication telnet console TACACS17
5580-20-1(config)#
ACS/TACACS server Configuration
1. Under Interface > TACACS+ (Cisco IOS), go to Advanced Configuration Options
2. Check the Advanced TACACS+ Features option
3. Under Group, go to the Password Aging Rules section and check Apply password change rule
4. Under User, go to the TACACS+ Enable Password section and check Use Cisco PAP Password
5. Under System Configuration, select Local Password Management and set a proper policy
Telnet Session Password Change
Here is the expected behavior.
Syslogs for the exchange:
%ASA-6-113010: AAA challenge received for user telnet1 from server mcs-ibm3.
%ASA-6-113004: AAA user authentication Successful : server = mcs-ibm3 : user = telnet1
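The two syslog messages above are what a defender can use to audit password changes on telnet admin sessions. The following Python snippet is an added example, not part of this procedure: it pairs a 113010 challenge with the following 113004 success for the same user and server (the sequence the procedure shows) and flags challenges that never completed. The log lines are constructed for the example; the assumption that a 113010 challenge marks the change-password prompt holds for this setup but 113010 can also appear for other TACACS+ challenges.

```python
import re
from collections import defaultdict

# Message formats taken from the syslogs shown in this procedure.
CHALLENGE_RE = re.compile(
    r"%ASA-6-113010: AAA challenge received for user (?P<user>\S+) from server (?P<server>\S+?)\.?$"
)
SUCCESS_RE = re.compile(
    r"%ASA-6-113004: AAA user authentication Successful : server = (?P<server>\S+) : user = (?P<user>\S+)"
)


def parse_line(line):
    """Return ('challenge'|'success', user, server) for the two message IDs, else None."""
    m = CHALLENGE_RE.search(line.strip())
    if m:
        return ("challenge", m.group("user"), m.group("server"))
    m = SUCCESS_RE.search(line.strip())
    if m:
        return ("success", m.group("user"), m.group("server"))
    return None


def audit_password_changes(lines):
    """Walk syslog lines in order and return {user: [(server, outcome), ...]}.

    outcome is 'changed' when a 113010 challenge is followed by a 113004 success
    for the same user/server (assumed here to be the password-change exchange),
    'login_no_challenge' for a plain successful login, and 'challenge_pending'
    when a challenge was issued but no success followed.
    """
    pending = {}
    results = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unrelated syslog, e.g. connection build/teardown
        kind, user, server = ev
        if kind == "challenge":
            pending[(user, server)] = True
        elif pending.pop((user, server), False):
            results[user].append((server, "changed"))
        else:
            results[user].append((server, "login_no_challenge"))
    for user, server in pending:
        results[user].append((server, "challenge_pending"))
    return dict(results)


# Constructed sample log: the page's two lines plus a plain login, an unfinished challenge and noise.
SAMPLE_LOG = [
    "%ASA-6-113010: AAA challenge received for user telnet1 from server mcs-ibm3.",
    "%ASA-6-113004: AAA user authentication Successful : server = mcs-ibm3 : user = telnet1",
    "%ASA-6-302013: Built inbound TCP connection 12345 for inside:10.148.1.17/49152",
    "%ASA-6-113004: AAA user authentication Successful : server = mcs-ibm3 : user = admin2",
    "%ASA-6-113010: AAA challenge received for user telnet3 from server mcs-ibm3.",
]
```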