AAA banner problem in script (similar to motd problem)

Techie
Posts: 13

Dear all,

Please forgive the "newbie" question as I am certain that this is simply resolved, but my problem is this:

I am trying to configure AAA on my Cisco devices using a NetMRI script but the job encounters errors because of the AAA banner line, where the CLI prompt is not returned.

The script fails with timeout waiting for device:

 

12:16:34   Action-Commands 
 12:16:34   conf t 
 12:16:34   aaa new-model 
 12:16:35   aaa authentication banner ^C# 
 12:17:37 
*** Timeout waiting for device ***
 3fl_6509_CoRe1#conf t 
 Enter configuration commands, one per line.  End with CNTL/Z. 
 3fl_6509_CoRe1(config)#aaa new-model 
 3fl_6509_CoRe1(config)#aaa authentication banner ^C# 
 Enter TEXT message.  End with the character '^'. 

 

I have also tried this by simply entering the AAA config into the Ad Hoc Command Batch, but this too failed:

conf t

aaa new-model
aaa authentication banner ^C#

TACACS+ authentication is not available. Please use local-username and local-password.
^C
aaa authentication fail-message ^C+
Invalid input !
^C
aaa authentication password-prompt local-password->
aaa authentication username-prompt local-username->
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+
aaa authorization commands 1 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+

Any assistance is very much appreciated.

- Daren

 


Re: AAA banner problem in

Employee
Posts: 171

This is an issue under investigation. The current workaround is to make the banner a single long string and use carriage returns to break it up as needed:

 

banner motd ! \r \r#########################################################################\r# This system is for the use of authorized users only. #\r # Individuals using this computer system without authority, or in #\r # excess of their authority, are subject to having all of their #\r # activities on this system monitored and recorded by system #\r # personnel. #\r # #\r # In the course of monitoring individuals improperly using this #\r # system, or in the course of system maintenance, the activities #\r # of authorized users may also be monitored. #\r # #\r # Anyone using this system expressly consents to such monitoring #\r # and is advised that if such monitoring reveals possible #\r # evidence of criminal activity, system personnel may provide the #\r # evidence of such monitoring to law enforcement officials. #\r#########################################################################\r !
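
The workaround above as an added example (not from the thread or from NetMRI): a Python helper that builds the one-line form, plus a pre-flight check that flags banner commands in a batch whose delimiter is not closed on the same line, which is what left the device waiting for text in the first post. The names to_one_line and unterminated_banners are hypothetical, and it assumes the script engine expands a literal \r as described in the reply.

```python
import re

# Commands seen on this page that take delimiter-bounded text.
BANNER_CMD = re.compile(
    r"^\s*(banner\s+\S+|aaa authentication (?:banner|fail-message))\s+(\S)(.*)$"
)


def to_one_line(command, text, delimiters="!^~%|@$"):
    """Build 'command <d>line\\rline<d>' on one line, breaks as literal \\r."""
    lines = text.strip("\n").splitlines()
    for line in lines:
        if "\\r" in line or any(ord(ch) < 32 or ord(ch) == 127 for ch in line):
            raise ValueError("line would be misread once flattened: %r" % line)
    body = "\\r".join(lines)
    # The delimiter must not occur in the text, or the banner ends early.
    delim = next((d for d in delimiters if d not in body), None)
    if delim is None:
        raise ValueError("every candidate delimiter occurs in the banner text")
    return "%s %s%s%s" % (command, delim, body, delim)


def unterminated_banners(batch):
    """Return (line_no, line) for banner commands not closed on their own line."""
    hits = []
    for no, line in enumerate(batch.splitlines(), 1):
        m = BANNER_CMD.match(line)
        # First non-space character after the keyword is taken as the delimiter.
        if m and m.group(2) not in m.group(3):
            hits.append((no, line.strip()))
    return hits


# Constructed sample: the start of the failing batch from the first post.
FAILING_BATCH = """conf t
aaa new-model
aaa authentication banner ^C#
TACACS+ authentication is not available. Please use local-username and local-password.
^C
aaa authentication fail-message ^C+
Invalid input !
^C
aaa authentication login default group tacacs+ local
"""

if __name__ == "__main__":
    print(unterminated_banners(FAILING_BATCH))
    print(to_one_line("aaa authentication banner", "line one\nline two"))
```

Running the check over a batch before submitting the job shows which lines would leave the session in text-entry mode with no prompt returned.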

 

 


Re: AAA banner problem in

Techie
Posts: 13

Thank you chuq - that helps enormously. I set the banner motd as well as the aaa authentication banner using that method:

aaa authentication banner X\cmTACACS+ authentication is not available. Please use local-username and local-password.X\c

I am much obliged to you.

- Daren

 

 


Re: AAA banner problem in

Expert
Posts: 236

The MOTD banner reminded me that IOS is not consistent about displaying that for Telnet vs. SSH sessions.  If you want the user to read it BEFORE the Username prompt, use "banner login" instead.
