Hi,
my host configuration is very simple :
host IPv4_world {
address =
0.0.0.0/0 welcome banner = "\n WARNING !!\n\n Network ACCESS is RESTRICTED and LOGGED !!\n\n"
key = 123456
}
Here all the log from tac_plus-ng :
13313: 10:49:56.870 1/00000000: - connection request from 192.168.225.5 (realm: default)
13313: 10:49:56.870 1/f3013508: 192.168.225.5 New session
13313: 10:49:56.870 1/f3013508: 192.168.225.5 ---<start packet>---
13313: 10:49:56.870 1/f3013508: 192.168.225.5 key used:
123456
13313: 10:49:56.870 1/f3013508: 192.168.225.5 version: 192, type: 1, seq no: 1, flags: unencrypted
13313: 10:49:56.870 1/f3013508: 192.168.225.5 session id: 083501f3, data length: 32
13313: 10:49:56.870 1/f3013508: 192.168.225.5 packet body (len: 32): \001\000\001\001\000\n\016\000/dev/pts/2192.168.15.195
13313: 10:49:56.870 1/f3013508: 192.168.225.5 0000 01 00 01 01 00 0a 0e 00 2f 64 65 76 2f 70 74 73 ........ /dev/pts
13313: 10:49:56.870 1/f3013508: 192.168.225.5 0010 2f 32 31 39 32 2e 31 36 38 2e 31 35 2e 31 39 35 /2192.16 8.15.195
13313: 10:49:56.870 1/f3013508: 192.168.225.5 AUTHEN/START, priv_lvl=0
13313: 10:49:56.870 1/f3013508: 192.168.225.5 action=login (1)
13313: 10:49:56.870 1/f3013508: 192.168.225.5 authen_type=ascii (1)
13313: 10:49:56.870 1/f3013508: 192.168.225.5 service=login (1)
13313: 10:49:56.870 1/f3013508: 192.168.225.5 user_len=0 port_len=10 rem_addr_len=14
13313: 10:49:56.870 1/f3013508: 192.168.225.5 data_len=0
13313: 10:49:56.870 1/f3013508: 192.168.225.5 user (len: 0):
13313: 10:49:56.870 1/f3013508: 192.168.225.5 port (len: 10): /dev/pts/2
13313: 10:49:56.870 1/f3013508: 192.168.225.5 rem_addr (len: 14): 192.168.15.195
13313: 10:49:56.870 1/f3013508: 192.168.225.5 ---<end packet>---
13313: 10:49:56.870 1/f3013508: 192.168.225.5 authen: hdr->seq_no: 1
13313: 10:49:56.870 1/f3013508: 192.168.225.5 Writing AUTHEN/GETUSER size=88
13313: 10:49:56.870 1/f3013508: 192.168.225.5 ---<start packet>---
13313: 10:49:56.870 1/f3013508: 192.168.225.5 key used:
123456
13313: 10:49:56.870 1/f3013508: 192.168.225.5 version: 192, type: 1, seq no: 2, flags: unencrypted
13313: 10:49:56.870 1/f3013508: 192.168.225.5 session id: 083501f3, data length: 76
13313: 10:49:56.870 1/f3013508: 192.168.225.5 packet body (len: 76): \004\000\000F\000\000\n WARNING !!\n\n Network ACCESS is RESTRICTED and LOGGED !!\n\nUsername:
13313: 10:49:56.870 1/f3013508: 192.168.225.5 0000 04 00 00 46 00 00 0a 20 57 41 52 4e 49 4e 47 20 ...F... WARNING
13313: 10:49:56.870 1/f3013508: 192.168.225.5 0010 21 21 0a 0a 20 4e 65 74 77 6f 72 6b 20 41 43 43 !!.. Net work ACC
13313: 10:49:56.870 1/f3013508: 192.168.225.5 0020 45 53 53 20 69 73 20 52 45 53 54 52 49 43 54 45 ESS is R ESTRICTE
13313: 10:49:56.870 1/f3013508: 192.168.225.5 0030 44 20 61 6e 64 20 4c 4f 47 47 45 44 20 20 21 21 D and LO GGED !!
13313: 10:49:56.870 1/f3013508: 192.168.225.5 0040 0a 0a 55 73 65 72 6e 61 6d 65 3a 20 ..Userna me:
13313: 10:49:56.870 1/f3013508: 192.168.225.5 AUTHEN, status=4 (AUTHEN/GETUSER) flags=0x0
13313: 10:49:56.870 1/f3013508: 192.168.225.5 msg_len=70, data_len=0
13313: 10:49:56.870 1/f3013508: 192.168.225.5 msg (len: 70): \n WARNING !!\n\n Network ACCESS is RESTRICTED and LOGGED !!\n\nUsername:
13313: 10:49:56.870 1/f3013508: 192.168.225.5 data (len: 0):
13313: 10:49:56.870 1/f3013508: 192.168.225.5 ---<end packet>---
13313: 10:49:56.878 1/f3013508: 192.168.225.5 ---<start packet>---
13313: 10:49:56.878 1/f3013508: 192.168.225.5 key used:
123456
13313: 10:49:56.878 1/f3013508: 192.168.225.5 version: 192, type: 1, seq no: 3, flags: unencrypted
13313: 10:49:56.878 1/f3013508: 192.168.225.5 session id: 083501f3, data length: 9
13313: 10:49:56.878 1/f3013508: 192.168.225.5 packet body [partially masked] (len: 9): \000\004\000\000\000****
13313: 10:49:56.878 1/f3013508: 192.168.225.5 0000 00 04 00 00 00 2a 2a 2a 2a .....*** *
13313: 10:49:56.878 1/f3013508: 192.168.225.5 AUTHEN/CONT user_msg_len=4, user_data_len=0
13313: 10:49:56.878 1/f3013508: 192.168.225.5 ---<end packet>---
13313: 10:49:56.878 1/f3013508: 192.168.225.5 authen: hdr->seq_no: 3
13313: 10:49:56.878 1/f3013508: 192.168.225.5 looking for user root realm default
13313: 10:49:56.878 1/f3013508: 192.168.225.5 user lookup failed
13313: 10:49:56.878 1/f3013508: 192.168.225.5 Writing AUTHEN/GETPASS size=28
13313: 10:49:56.878 1/f3013508: 192.168.225.5 ---<start packet>---
13313: 10:49:56.878 1/f3013508: 192.168.225.5 key used:
123456
13313: 10:49:56.878 1/f3013508: 192.168.225.5 version: 192, type: 1, seq no: 4, flags: unencrypted
13313: 10:49:56.878 1/f3013508: 192.168.225.5 session id: 083501f3, data length: 16
13313: 10:49:56.878 1/f3013508: 192.168.225.5 packet body (len: 16): \005\001\000\n\000\000Password:
13313: 10:49:56.878 1/f3013508: 192.168.225.5 0000 05 01 00 0a 00 00 50 61 73 73 77 6f 72 64 3a 20 ......Pa ssword:
13313: 10:49:56.878 1/f3013508: 192.168.225.5 AUTHEN, status=5 (AUTHEN/GETPASS) flags=0x1
13313: 10:49:56.878 1/f3013508: 192.168.225.5 msg_len=10, data_len=0
13313: 10:49:56.878 1/f3013508: 192.168.225.5 msg (len: 10): Password:
13313: 10:49:56.878 1/f3013508: 192.168.225.5 data (len: 0):
13313: 10:49:56.878 1/f3013508: 192.168.225.5 ---<end packet>---
13313: 10:50:29.347 2/00000000: - connection request from 192.168.190.42 (realm: default)
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 New session
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 ---<start packet>---
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 key used:
123456
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 version: 192, type: 3, seq no: 1, flags: unencrypted
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 session id: 0cf3c312, data length: 130
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 packet body (len: 130): \004\006\000\001\000\005\001\016\005\034\025\017\024\fadmin0192.168.15.195task_id=192.168.15.195@pts/2start_time=1710794898timezone=TAHITIstop_time=1710794898service=none
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 0000 04 06 00 01 00 05 01 0e 05 1c 15 0f 14 0c 61 64 ........ ......ad
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 0010 6d 69 6e 30 31 39 32 2e 31 36 38 2e 31 35 2e 31 min0192. 168.15.1
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 0020 39 35 74 61 73 6b 5f 69 64 3d 31 39 32 2e 31 36 95task_i d=192.16
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 0030 38 2e 31 35 2e 31 39 35 40 70 74 73 2f 32 73 74 8.15.195 @pts/2st
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 0040 61 72 74 5f 74 69 6d 65 3d 31 37 31 30 37 39 34 art_time =1710794
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 0050 38 39 38 74 69 6d 65 7a 6f 6e 65 3d 54 41 48 49 898timez one=TAHI
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 0060 54 49 73 74 6f 70 5f 74 69 6d 65 3d 31 37 31 30 TIstop_t ime=1710
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 0070 37 39 34 38 39 38 73 65 72 76 69 63 65 3d 6e 6f 794898se rvice=no
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 0080 6e 65 ne
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 ACCT, priv_lvl=0 flags=0x4
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 authen_type=ascii (1)
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 authen_method=tacacs+ (6)
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 service=unknown (0)
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 user_len=5 port_len=1 rem_addr_len=14 arg_cnt=5
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 user (len: 5): admin
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 port (len: 1): 0
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 rem_addr (len: 14): 192.168.15.195
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 arg[0] (len: 28): task_id=192.168.15.195@pts/2
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 arg[1] (len: 21): start_time=1710794898
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 arg[2] (len: 15): timezone=TAHITI
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 arg[3] (len: 20): stop_time=1710794898
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 arg[4] (len: 12): service=none
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 ---<end packet>---
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 Start accounting request
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 Writing ACCT size=17
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 ---<start packet>---
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 key used:
123456
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 version: 192, type: 3, seq no: 2, flags: unencrypted
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 session id: 0cf3c312, data length: 5
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 packet body (len: 5): \000\000\000\000\001
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 0000 00 00 00 00 01 .....
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 ACCT/REPLY, status=1, msg_len=0, data_len=0
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 msg (len: 0):
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 data (len: 0):
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 ---<end packet>---
13313: 10:50:29.349 3/00000000: - connection request from 192.168.190.42 (realm: default)
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 New session
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 ---<start packet>---
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 key used:
123456
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 version: 192, type: 2, seq no: 1, flags: unencrypted
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 session id: 2e9e7bdc, data length: 62
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 packet body (len: 62): \006\001\002\000\005\000\016\003\r\a\fadmin192.168.15.195service=shellcmd=endcmd-arg=<cr>
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 0000 06 01 02 00 05 00 0e 03 0d 07 0c 61 64 6d 69 6e ........ ...admin
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 0010 31 39 32 2e 31 36 38 2e 31 35 2e 31 39 35 73 65 192.168. 15.195se
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 0020 72 76 69 63 65 3d 73 68 65 6c 6c 63 6d 64 3d 65 rvice=sh ellcmd=e
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 0030 6e 64 63 6d 64 2d 61 72 67 3d 3c 63 72 3e ndcmd-ar g=<cr>
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 AUTHOR, priv_lvl=1
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 authen_type=pap (2)
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 authen_method=tacacs+ (6)
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 service=unknown (0)
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 user_len=5 port_len=0 rem_addr_len=14 arg_cnt=3
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 user (len: 5): admin
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 port (len: 0):
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 rem_addr (len: 14): 192.168.15.195
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 arg[0] (len: 13): service=shell
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 arg[1] (len: 7): cmd=end
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 arg[2] (len: 12): cmd-arg=<cr>
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 ---<end packet>---
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 Start authorization request
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 user 'admin' not found, denied by default
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 Writing AUTHOR/FAIL size=18
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 ---<start packet>---
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 key used:
123456
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 version: 192, type: 2, seq no: 2, flags: unencrypted
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 session id: 2e9e7bdc, data length: 6
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 packet body (len: 6): \020\000\000\000\000\000
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 0000 10 00 00 00 00 00 ......
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 AUTHOR/REPLY, status=16 (AUTHOR/FAIL)
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 msg_len=0, data_len=0, arg_cnt=0
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 msg (len: 0):
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 data (len: 0):
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 ---<end packet>---
But Welcome banner is displayed well with IOS XE equipements :
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 looking for user admin realm default
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 user lookup failed
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 Writing AUTHEN/GETPASS size=88
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 ---<start packet>---
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 key used: 123456
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 version: 192, type: 1, seq no: 2, flags: unencrypted
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 session id: 0805ade9, data length: 76
13313:
10:44:12.457 0/e9ad0508: 192.168.225.33 packet body (len: 76):
\005\001\000F\000\000\n WARNING !!\n\n Network ACCESS is RESTRICTED and
LOGGED !!\n\nPassword:
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 0000 05 01 00 46 00 00 0a 20 57 41 52 4e 49 4e 47 20 ...F... WARNING
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 0010 21 21 0a 0a 20 4e 65 74 77 6f 72 6b 20 41 43 43 !!.. Net work ACC
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 0020 45 53 53 20 69 73 20 52 45 53 54 52 49 43 54 45 ESS is R ESTRICTE
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 0030 44 20 61 6e 64 20 4c 4f 47 47 45 44 20 20 21 21 D and LO GGED !!
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 0040 0a 0a 50 61 73 73 77 6f 72 64 3a 20 ..Passwo rd:
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 AUTHEN, status=5 (AUTHEN/GETPASS) flags=0x1
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 msg_len=70, data_len=0
13313:
10:44:12.457 0/e9ad0508: 192.168.225.33 msg (len: 70): \n WARNING
!!\n\n Network ACCESS is RESTRICTED and LOGGED !!\n\nPassword:
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 data (len: 0):
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 ---<end packet>---