Security

Reply
Contributor I

How to change the Banner in TACACS when access the switches in CLI ?

I have cllearpass with TACAS service and I need to change this banner :

 


User Access Verification (Policy Manager)

 

 

 

Occasional Contributor II

Re: How to change the Banner in TACACS when access the switches in CLI ?

has anyone been able to modify the banner as well as the "UserName:" prompt?

MVP

Re: How to change the Banner in TACACS when access the switches in CLI ?

not sure if this is the banner you are looking for:Capture.JPG

~Trinh Nguyen~
Boys Town
Occasional Contributor II

Re: How to change the Banner in TACACS when access the switches in CLI ?

That isnt the banner i am referring to .  It is the banner when connecting to a cisco switch

 

 

User Access Verification (Policy Manager)

UserName:

 

 

The username prompt command does not work when tacacs+ is enabled.

MVP

Re: How to change the Banner in TACACS when access the switches in CLI ?

Can you post your Cisco config?  I have no problem using CPPM TACACS with all of my Cisco routers.  This is the banner and login prompt I got:

Capture.JPG

 

~Trinh Nguyen~
Boys Town
Occasional Contributor II

Re: How to change the Banner in TACACS when access the switches in CLI ?

aaa new-model
aaa authentication username-prompt enter user id:
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local

tacacs-server host x.x.x.x key xxxxxxxxx

MVP

Re: How to change the Banner in TACACS when access the switches in CLI ?

Try this new Cisco IOS for TACACS configuration:

 

  1. Define your TACACS servers:
    tacacs server CP01
     address ipv4 x.x.x.x
     key 7 1234567890
    tacacs server CP02
    address ipv4 x.x.x.x
     key 7 1234567890
  2. Configure TACACS server group:
    aaa group server tacacs+ TACACS-CPPM
    server name CP01
     server name CP02
     ip tacacs source-interface GigabitEthernet0
  3. Configure aaa
    aaa authentication login default group TACACS-CPPM local
    aaa authentication enable default none
    aaa authorization config-commands
    aaa authorization exec default group TACACS-CPPM local
    aaa authorization commands 0 default group TACACS-CPPM none
    aaa authorization commands 1 default group TACACS-CPPM if-authenticated
    aaa authorization commands 15 default group TACACS-CPPM if-authenticated
    aaa accounting commands 15 default start-stop group TACACS-CPPM
    aaa accounting connection default start-stop group TACACS-CPPM

 

~Trinh Nguyen~
Boys Town
Occasional Contributor II

Re: How to change the Banner in TACACS when access the switches in CLI ?

i have determined that the username prompt change works up until i enter this command

 

aaa authentication login default group tacacs-cppm local

 

then this overrides the cisco commands

 

User Access Verification (Policy Manager)

UserName:

 

 

MVP

Re: How to change the Banner in TACACS when access the switches in CLI ?

This configuration works for my CPPM and other Linux base TACACS+, and I am sure it works for Cisco NAC because I got this configuration from Cisco NAC document.

 

Two suggestions: upgrade your IOS, check your CPPM service, specially the enforcement profile.

Have you tried this ASE:

https://ase.arubanetworks.com/solutions/id/80

 

~Trinh Nguyen~
Boys Town
Occasional Contributor II

Re: How to change the Banner in TACACS when access the switches in CLI ?

i can't find any documentation raltiving to the username prompt

 

User Access Verification (Policy Manager)

UserName:

 

aaa authentication username-prompt Username:

 

prompt does nto reflect the command.  However, when tacacs is disabled the command works.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: