Welcome banner is not displayed on IOS XR and NX OS
33 views
Skip to first unread message
Yannick Champs
Mar 19, 2024, 8:03:48 AMMar 19
to Event-Driven Servers
Hi,
my host configuration is very simple :
host IPv4_world {
address = 0.0.0.0/0
welcome banner = "\n WARNING !!\n\n Network ACCESS is RESTRICTED and LOGGED !!\n\n"
key = 123456
address = 0.0.0.0/0
welcome banner = "\n WARNING !!\n\n Network ACCESS is RESTRICTED and LOGGED !!\n\n"
key = 123456
}
Here all the log from tac_plus-ng :
13313: 10:49:56.870 1/f3013508: 192.168.225.5 New session
13313: 10:49:56.870 1/f3013508: 192.168.225.5 ---<start packet>---
13313: 10:49:56.870 1/f3013508: 192.168.225.5 key used: 123456
13313: 10:49:56.870 1/f3013508: 192.168.225.5 version: 192, type: 1, seq no: 1, flags: unencrypted
13313: 10:49:56.870 1/f3013508: 192.168.225.5 session id: 083501f3, data length: 32
13313: 10:49:56.870 1/f3013508: 192.168.225.5 packet body (len: 32): \001\000\001\001\000\n\016\000/dev/pts/2192.168.15.195
13313: 10:49:56.870 1/f3013508: 192.168.225.5 0000 01 00 01 01 00 0a 0e 00 2f 64 65 76 2f 70 74 73 ........ /dev/pts
13313: 10:49:56.870 1/f3013508: 192.168.225.5 0010 2f 32 31 39 32 2e 31 36 38 2e 31 35 2e 31 39 35 /2192.16 8.15.195
13313: 10:49:56.870 1/f3013508: 192.168.225.5 AUTHEN/START, priv_lvl=0
13313: 10:49:56.870 1/f3013508: 192.168.225.5 action=login (1)
13313: 10:49:56.870 1/f3013508: 192.168.225.5 authen_type=ascii (1)
13313: 10:49:56.870 1/f3013508: 192.168.225.5 service=login (1)
13313: 10:49:56.870 1/f3013508: 192.168.225.5 user_len=0 port_len=10 rem_addr_len=14
13313: 10:49:56.870 1/f3013508: 192.168.225.5 data_len=0
13313: 10:49:56.870 1/f3013508: 192.168.225.5 user (len: 0):
13313: 10:49:56.870 1/f3013508: 192.168.225.5 port (len: 10): /dev/pts/2
13313: 10:49:56.870 1/f3013508: 192.168.225.5 rem_addr (len: 14): 192.168.15.195
13313: 10:49:56.870 1/f3013508: 192.168.225.5 ---<end packet>---
13313: 10:49:56.870 1/f3013508: 192.168.225.5 authen: hdr->seq_no: 1
13313: 10:49:56.870 1/f3013508: 192.168.225.5 Writing AUTHEN/GETUSER size=88
13313: 10:49:56.870 1/f3013508: 192.168.225.5 ---<start packet>---
13313: 10:49:56.870 1/f3013508: 192.168.225.5 key used: 123456
13313: 10:49:56.870 1/f3013508: 192.168.225.5 version: 192, type: 1, seq no: 2, flags: unencrypted
13313: 10:49:56.870 1/f3013508: 192.168.225.5 session id: 083501f3, data length: 76
13313: 10:49:56.870 1/f3013508: 192.168.225.5 packet body (len: 76): \004\000\000F\000\000\n WARNING !!\n\n Network ACCESS is RESTRICTED and LOGGED !!\n\nUsername:
13313: 10:49:56.870 1/f3013508: 192.168.225.5 0000 04 00 00 46 00 00 0a 20 57 41 52 4e 49 4e 47 20 ...F... WARNING
13313: 10:49:56.870 1/f3013508: 192.168.225.5 0010 21 21 0a 0a 20 4e 65 74 77 6f 72 6b 20 41 43 43 !!.. Net work ACC
13313: 10:49:56.870 1/f3013508: 192.168.225.5 0020 45 53 53 20 69 73 20 52 45 53 54 52 49 43 54 45 ESS is R ESTRICTE
13313: 10:49:56.870 1/f3013508: 192.168.225.5 0030 44 20 61 6e 64 20 4c 4f 47 47 45 44 20 20 21 21 D and LO GGED !!
13313: 10:49:56.870 1/f3013508: 192.168.225.5 0040 0a 0a 55 73 65 72 6e 61 6d 65 3a 20 ..Userna me:
13313: 10:49:56.870 1/f3013508: 192.168.225.5 AUTHEN, status=4 (AUTHEN/GETUSER) flags=0x0
13313: 10:49:56.870 1/f3013508: 192.168.225.5 msg_len=70, data_len=0
13313: 10:49:56.870 1/f3013508: 192.168.225.5 msg (len: 70): \n WARNING !!\n\n Network ACCESS is RESTRICTED and LOGGED !!\n\nUsername:
13313: 10:49:56.870 1/f3013508: 192.168.225.5 data (len: 0):
13313: 10:49:56.870 1/f3013508: 192.168.225.5 ---<end packet>---
13313: 10:49:56.878 1/f3013508: 192.168.225.5 ---<start packet>---
13313: 10:49:56.878 1/f3013508: 192.168.225.5 key used: 123456
13313: 10:49:56.878 1/f3013508: 192.168.225.5 version: 192, type: 1, seq no: 3, flags: unencrypted
13313: 10:49:56.878 1/f3013508: 192.168.225.5 session id: 083501f3, data length: 9
13313: 10:49:56.878 1/f3013508: 192.168.225.5 packet body [partially masked] (len: 9): \000\004\000\000\000****
13313: 10:49:56.878 1/f3013508: 192.168.225.5 0000 00 04 00 00 00 2a 2a 2a 2a .....*** *
13313: 10:49:56.878 1/f3013508: 192.168.225.5 AUTHEN/CONT user_msg_len=4, user_data_len=0
13313: 10:49:56.878 1/f3013508: 192.168.225.5 ---<end packet>---
13313: 10:49:56.878 1/f3013508: 192.168.225.5 authen: hdr->seq_no: 3
13313: 10:49:56.878 1/f3013508: 192.168.225.5 looking for user root realm default
13313: 10:49:56.878 1/f3013508: 192.168.225.5 user lookup failed
13313: 10:49:56.878 1/f3013508: 192.168.225.5 Writing AUTHEN/GETPASS size=28
13313: 10:49:56.878 1/f3013508: 192.168.225.5 ---<start packet>---
13313: 10:49:56.878 1/f3013508: 192.168.225.5 key used: 123456
13313: 10:49:56.878 1/f3013508: 192.168.225.5 version: 192, type: 1, seq no: 4, flags: unencrypted
13313: 10:49:56.878 1/f3013508: 192.168.225.5 session id: 083501f3, data length: 16
13313: 10:49:56.878 1/f3013508: 192.168.225.5 packet body (len: 16): \005\001\000\n\000\000Password:
13313: 10:49:56.878 1/f3013508: 192.168.225.5 0000 05 01 00 0a 00 00 50 61 73 73 77 6f 72 64 3a 20 ......Pa ssword:
13313: 10:49:56.878 1/f3013508: 192.168.225.5 AUTHEN, status=5 (AUTHEN/GETPASS) flags=0x1
13313: 10:49:56.878 1/f3013508: 192.168.225.5 msg_len=10, data_len=0
13313: 10:49:56.878 1/f3013508: 192.168.225.5 msg (len: 10): Password:
13313: 10:49:56.878 1/f3013508: 192.168.225.5 data (len: 0):
13313: 10:49:56.878 1/f3013508: 192.168.225.5 ---<end packet>---
13313: 10:50:29.347 2/00000000: - connection request from 192.168.190.42 (realm: default)
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 New session
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 ---<start packet>---
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 key used: 123456
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 version: 192, type: 3, seq no: 1, flags: unencrypted
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 session id: 0cf3c312, data length: 130
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 packet body (len: 130): \004\006\000\001\000\005\001\016\005\034\025\017\024\fadmin0192.168.15.195task_id=192.168.15.195@pts/2start_time=1710794898timezone=TAHITIstop_time=1710794898service=none
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 0000 04 06 00 01 00 05 01 0e 05 1c 15 0f 14 0c 61 64 ........ ......ad
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 0010 6d 69 6e 30 31 39 32 2e 31 36 38 2e 31 35 2e 31 min0192. 168.15.1
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 0020 39 35 74 61 73 6b 5f 69 64 3d 31 39 32 2e 31 36 95task_i d=192.16
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 0030 38 2e 31 35 2e 31 39 35 40 70 74 73 2f 32 73 74 8.15.195 @pts/2st
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 0040 61 72 74 5f 74 69 6d 65 3d 31 37 31 30 37 39 34 art_time =1710794
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 0050 38 39 38 74 69 6d 65 7a 6f 6e 65 3d 54 41 48 49 898timez one=TAHI
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 0060 54 49 73 74 6f 70 5f 74 69 6d 65 3d 31 37 31 30 TIstop_t ime=1710
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 0070 37 39 34 38 39 38 73 65 72 76 69 63 65 3d 6e 6f 794898se rvice=no
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 0080 6e 65 ne
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 ACCT, priv_lvl=0 flags=0x4
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 authen_type=ascii (1)
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 authen_method=tacacs+ (6)
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 service=unknown (0)
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 user_len=5 port_len=1 rem_addr_len=14 arg_cnt=5
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 user (len: 5): admin
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 port (len: 1): 0
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 rem_addr (len: 14): 192.168.15.195
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 arg[0] (len: 28): task_id=192.168.15.195@pts/2
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 arg[1] (len: 21): start_time=1710794898
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 arg[2] (len: 15): timezone=TAHITI
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 arg[3] (len: 20): stop_time=1710794898
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 arg[4] (len: 12): service=none
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 ---<end packet>---
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 Start accounting request
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 Writing ACCT size=17
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 ---<start packet>---
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 key used: 123456
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 version: 192, type: 3, seq no: 2, flags: unencrypted
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 session id: 0cf3c312, data length: 5
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 packet body (len: 5): \000\000\000\000\001
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 0000 00 00 00 00 01 .....
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 ACCT/REPLY, status=1, msg_len=0, data_len=0
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 msg (len: 0):
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 data (len: 0):
13313: 10:50:29.348 2/12c3f30c: 192.168.190.42 ---<end packet>---
13313: 10:50:29.349 3/00000000: - connection request from 192.168.190.42 (realm: default)
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 New session
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 ---<start packet>---
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 key used: 123456
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 version: 192, type: 2, seq no: 1, flags: unencrypted
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 session id: 2e9e7bdc, data length: 62
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 packet body (len: 62): \006\001\002\000\005\000\016\003\r\a\fadmin192.168.15.195service=shellcmd=endcmd-arg=<cr>
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 0000 06 01 02 00 05 00 0e 03 0d 07 0c 61 64 6d 69 6e ........ ...admin
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 0010 31 39 32 2e 31 36 38 2e 31 35 2e 31 39 35 73 65 192.168. 15.195se
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 0020 72 76 69 63 65 3d 73 68 65 6c 6c 63 6d 64 3d 65 rvice=sh ellcmd=e
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 0030 6e 64 63 6d 64 2d 61 72 67 3d 3c 63 72 3e ndcmd-ar g=<cr>
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 AUTHOR, priv_lvl=1
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 authen_type=pap (2)
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 authen_method=tacacs+ (6)
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 service=unknown (0)
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 user_len=5 port_len=0 rem_addr_len=14 arg_cnt=3
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 user (len: 5): admin
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 port (len: 0):
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 rem_addr (len: 14): 192.168.15.195
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 arg[0] (len: 13): service=shell
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 arg[1] (len: 7): cmd=end
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 arg[2] (len: 12): cmd-arg=<cr>
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 ---<end packet>---
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 Start authorization request
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 user 'admin' not found, denied by default
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 Writing AUTHOR/FAIL size=18
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 ---<start packet>---
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 key used: 123456
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 version: 192, type: 2, seq no: 2, flags: unencrypted
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 session id: 2e9e7bdc, data length: 6
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 packet body (len: 6): \020\000\000\000\000\000
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 0000 10 00 00 00 00 00 ......
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 AUTHOR/REPLY, status=16 (AUTHOR/FAIL)
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 msg_len=0, data_len=0, arg_cnt=0
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 msg (len: 0):
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 data (len: 0):
13313: 10:50:29.349 3/dc7b9e2e: 192.168.190.42 ---<end packet>---
But Welcome banner is displayed well with IOS XE equipements :
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 looking for user admin realm default
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 user lookup failed
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 Writing AUTHEN/GETPASS size=88
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 ---<start packet>---
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 key used: 123456
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 version: 192, type: 1, seq no: 2, flags: unencrypted
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 session id: 0805ade9, data length: 76
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 packet body (len: 76): \005\001\000F\000\000\n WARNING !!\n\n Network ACCESS is RESTRICTED and LOGGED !!\n\nPassword:
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 0000 05 01 00 46 00 00 0a 20 57 41 52 4e 49 4e 47 20 ...F... WARNING
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 0010 21 21 0a 0a 20 4e 65 74 77 6f 72 6b 20 41 43 43 !!.. Net work ACC
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 0020 45 53 53 20 69 73 20 52 45 53 54 52 49 43 54 45 ESS is R ESTRICTE
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 0030 44 20 61 6e 64 20 4c 4f 47 47 45 44 20 20 21 21 D and LO GGED !!
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 0040 0a 0a 50 61 73 73 77 6f 72 64 3a 20 ..Passwo rd:
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 AUTHEN, status=5 (AUTHEN/GETPASS) flags=0x1
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 msg_len=70, data_len=0
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 msg (len: 70): \n WARNING !!\n\n Network ACCESS is RESTRICTED and LOGGED !!\n\nPassword:
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 data (len: 0):
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 ---<end packet>---
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 user lookup failed
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 Writing AUTHEN/GETPASS size=88
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 ---<start packet>---
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 key used: 123456
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 version: 192, type: 1, seq no: 2, flags: unencrypted
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 session id: 0805ade9, data length: 76
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 packet body (len: 76): \005\001\000F\000\000\n WARNING !!\n\n Network ACCESS is RESTRICTED and LOGGED !!\n\nPassword:
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 0000 05 01 00 46 00 00 0a 20 57 41 52 4e 49 4e 47 20 ...F... WARNING
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 0010 21 21 0a 0a 20 4e 65 74 77 6f 72 6b 20 41 43 43 !!.. Net work ACC
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 0020 45 53 53 20 69 73 20 52 45 53 54 52 49 43 54 45 ESS is R ESTRICTE
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 0030 44 20 61 6e 64 20 4c 4f 47 47 45 44 20 20 21 21 D and LO GGED !!
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 0040 0a 0a 50 61 73 73 77 6f 72 64 3a 20 ..Passwo rd:
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 AUTHEN, status=5 (AUTHEN/GETPASS) flags=0x1
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 msg_len=70, data_len=0
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 msg (len: 70): \n WARNING !!\n\n Network ACCESS is RESTRICTED and LOGGED !!\n\nPassword:
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 data (len: 0):
13313: 10:44:12.457 0/e9ad0508: 192.168.225.33 ---<end packet>---
Marc Huber
Mar 19, 2024, 1:00:46 PMMar 19
to event-driv...@googlegroups.com
Hi,
judging from your debug the prompt is sent, but not displayed by the
router. There's no way around that, that's an implementation issue. You
could perhaps file a bug report at your vendor ...
Cheers,
Marc
On 18.03.2024 21:53, Yannick Champs wrote:
> Hi,
>
> my host configuration is very simple :
> host IPv4_world {
> address = 0.0.0.0/0
> welcome banner = "\n WARNING !!\n\n Network ACCESS is
> RESTRICTED and LOGGED !!\n\n"
> key = 123456
> }
>
> Here all the log from tac_plus-ng :
>
...
judging from your debug the prompt is sent, but not displayed by the
router. There's no way around that, that's an implementation issue. You
could perhaps file a bug report at your vendor ...
Cheers,
Marc
On 18.03.2024 21:53, Yannick Champs wrote:
> Hi,
>
> my host configuration is very simple :
> host IPv4_world {
> address = 0.0.0.0/0
> welcome banner = "\n WARNING !!\n\n Network ACCESS is
> RESTRICTED and LOGGED !!\n\n"
> key = 123456
> }
>
> Here all the log from tac_plus-ng :
>
Yannick Champs
Mar 21, 2024, 9:39:40 PMMar 21
to Event-Driven Servers
Hi Cisco lovers,
any idea concerning my issue ?
my NX-OS tacacs configuration is :
feature tacacs+
tacacs-server host 192.168.1.1 key 0 123
tacacs-server host 192.168.1.2 key 0 123
aaa group server tacacs+ PMT-GRP-TACACS
server 192.168.1.1
server 192.168.1.2
use-vrf management
ip tacacs source-interface mgmt0
aaa authentication login default group PMT-GRP-TACACS
aaa authorization config-commands default group PMT-GRP-TACACS local
aaa authorization commands default group PMT-GRP-TACACS local
aaa accounting default group PMT-GRP-TACACS
Thanks
Yannick Champs
Mar 21, 2024, 9:40:52 PMMar 21
to Event-Driven Servers
I don't know where this "
User Access Verification" welcome banner comes from....
login as: netadmin
Pre-authentication banner message from server:| User Access Verification
End of banner message from server
Keyboard-interactive authentication prompts from server:
| Password:
Yannick Champs
Mar 21, 2024, 9:59:53 PMMar 21
to Event-Driven Servers
Hey Marc,
from a recent log from a failed authentication, I don't see welcome banner sent to router, normal ?
Regards;
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 looking for user admin realm default
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 user lookup failed
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 pap login for 'admin' from 192.168.15.112 on 0 failed
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 Writing AUTHEN/FAIL size=18
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 ---<start packet>---
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 key used: 123
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 version: 193, type: 1, seq no: 2, flags: unencrypted
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 session id: 508c2e12, data length: 6
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 packet body (len: 6): \002\000\000\000\000\000
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 0000 02 00 00 00 00 00 ......
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 AUTHEN, status=2 (AUTHEN/FAIL) flags=0x0
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 msg_len=0, data_len=0
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 msg (len: 0):
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 data (len: 0):
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 ---<end packet>---
1164: 15:54:42.490 1/00000000: - connection request from 192.168.190.42 (realm: default)
1164: 15:54:42.491 1/aae62903: 192.168.190.42 New session
1164: 15:54:42.491 1/aae62903: 192.168.190.42 ---<start packet>---
1164: 15:54:42.491 1/aae62903: 192.168.190.42 key used: 123
1164: 15:54:42.491 1/aae62903: 192.168.190.42 version: 192, type: 3, seq no: 1, flags: unencrypted
1164: 15:54:42.491 1/aae62903: 192.168.190.42 session id: 0329e6aa, data length: 122
1164: 15:54:42.491 1/aae62903: 192.168.190.42 packet body (len: 122): \004\006\000\001\000\000\001\000\005\b\025\0173\f0task_id=start_time=1711072351timezone=TAHITIcmd=PAM: Authentication failed from 192.168.15.112\nservice=none
1164: 15:54:42.491 1/aae62903: 192.168.190.42 0000 04 06 00 01 00 00 01 00 05 08 15 0f 33 0c 30 74 ........ ....3.0t
1164: 15:54:42.491 1/aae62903: 192.168.190.42 0010 61 73 6b 5f 69 64 3d 73 74 61 72 74 5f 74 69 6d ask_id=s tart_tim
1164: 15:54:42.491 1/aae62903: 192.168.190.42 0020 65 3d 31 37 31 31 30 37 32 33 35 31 74 69 6d 65 e=171107 2351time
1164: 15:54:42.491 1/aae62903: 192.168.190.42 0030 7a 6f 6e 65 3d 54 41 48 49 54 49 63 6d 64 3d 50 zone=TAH ITIcmd=P
1164: 15:54:42.491 1/aae62903: 192.168.190.42 0040 41 4d 3a 20 41 75 74 68 65 6e 74 69 63 61 74 69 AM: Auth enticati
1164: 15:54:42.491 1/aae62903: 192.168.190.42 0050 6f 6e 20 66 61 69 6c 65 64 20 66 72 6f 6d 20 31 on faile d from 1
1164: 15:54:42.491 1/aae62903: 192.168.190.42 0060 39 32 2e 31 36 38 2e 31 35 2e 31 31 32 0a 73 65 92.168.1 5.112.se
1164: 15:54:42.491 1/aae62903: 192.168.190.42 0070 72 76 69 63 65 3d 6e 6f 6e 65 rvice=no ne
1164: 15:54:42.491 1/aae62903: 192.168.190.42 ACCT, priv_lvl=0 flags=0x4
1164: 15:54:42.491 1/aae62903: 192.168.190.42 authen_type=ascii (1)
1164: 15:54:42.491 1/aae62903: 192.168.190.42 authen_method=tacacs+ (6)
1164: 15:54:42.491 1/aae62903: 192.168.190.42 service=unknown (0)
1164: 15:54:42.491 1/aae62903: 192.168.190.42 user_len=0 port_len=1 rem_addr_len=0 arg_cnt=5
1164: 15:54:42.491 1/aae62903: 192.168.190.42 user (len: 0):
1164: 15:54:42.491 1/aae62903: 192.168.190.42 port (len: 1): 0
1164: 15:54:42.491 1/aae62903: 192.168.190.42 rem_addr (len: 0):
1164: 15:54:42.491 1/aae62903: 192.168.190.42 arg[0] (len: 8): task_id=
1164: 15:54:42.491 1/aae62903: 192.168.190.42 arg[1] (len: 21): start_time=1711072351
1164: 15:54:42.491 1/aae62903: 192.168.190.42 arg[2] (len: 15): timezone=TAHITI
1164: 15:54:42.491 1/aae62903: 192.168.190.42 arg[3] (len: 51): cmd=PAM: Authentication failed from 192.168.15.112\n
1164: 15:54:42.491 1/aae62903: 192.168.190.42 arg[4] (len: 12): service=none
1164: 15:54:42.491 1/aae62903: 192.168.190.42 ---<end packet>---
1164: 15:54:42.491 1/aae62903: 192.168.190.42 Start accounting request
1164: 15:54:42.491 1/aae62903: 192.168.190.42 Writing ACCT size=17
1164: 15:54:42.491 1/aae62903: 192.168.190.42 ---<start packet>---
1164: 15:54:42.491 1/aae62903: 192.168.190.42 key used: 123
1164: 15:54:42.491 1/aae62903: 192.168.190.42 version: 192, type: 3, seq no: 2, flags: unencrypted
1164: 15:54:42.491 1/aae62903: 192.168.190.42 session id: 0329e6aa, data length: 5
1164: 15:54:42.491 1/aae62903: 192.168.190.42 packet body (len: 5): \000\000\000\000\001
1164: 15:54:42.491 1/aae62903: 192.168.190.42 0000 00 00 00 00 01 .....
1164: 15:54:42.491 1/aae62903: 192.168.190.42 ACCT/REPLY, status=1, msg_len=0, data_len=0
1164: 15:54:42.491 1/aae62903: 192.168.190.42 msg (len: 0):
1164: 15:54:42.491 1/aae62903: 192.168.190.42 data (len: 0):
1164: 15:54:42.491 1/aae62903: 192.168.190.42 ---<end packet>---
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 user lookup failed
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 pap login for 'admin' from 192.168.15.112 on 0 failed
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 Writing AUTHEN/FAIL size=18
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 ---<start packet>---
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 key used: 123
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 version: 193, type: 1, seq no: 2, flags: unencrypted
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 session id: 508c2e12, data length: 6
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 packet body (len: 6): \002\000\000\000\000\000
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 0000 02 00 00 00 00 00 ......
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 AUTHEN, status=2 (AUTHEN/FAIL) flags=0x0
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 msg_len=0, data_len=0
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 msg (len: 0):
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 data (len: 0):
1164: 15:54:42.446 0/122e8c50: 192.168.190.42 ---<end packet>---
1164: 15:54:42.490 1/00000000: - connection request from 192.168.190.42 (realm: default)
1164: 15:54:42.491 1/aae62903: 192.168.190.42 New session
1164: 15:54:42.491 1/aae62903: 192.168.190.42 ---<start packet>---
1164: 15:54:42.491 1/aae62903: 192.168.190.42 key used: 123
1164: 15:54:42.491 1/aae62903: 192.168.190.42 version: 192, type: 3, seq no: 1, flags: unencrypted
1164: 15:54:42.491 1/aae62903: 192.168.190.42 session id: 0329e6aa, data length: 122
1164: 15:54:42.491 1/aae62903: 192.168.190.42 packet body (len: 122): \004\006\000\001\000\000\001\000\005\b\025\0173\f0task_id=start_time=1711072351timezone=TAHITIcmd=PAM: Authentication failed from 192.168.15.112\nservice=none
1164: 15:54:42.491 1/aae62903: 192.168.190.42 0000 04 06 00 01 00 00 01 00 05 08 15 0f 33 0c 30 74 ........ ....3.0t
1164: 15:54:42.491 1/aae62903: 192.168.190.42 0010 61 73 6b 5f 69 64 3d 73 74 61 72 74 5f 74 69 6d ask_id=s tart_tim
1164: 15:54:42.491 1/aae62903: 192.168.190.42 0020 65 3d 31 37 31 31 30 37 32 33 35 31 74 69 6d 65 e=171107 2351time
1164: 15:54:42.491 1/aae62903: 192.168.190.42 0030 7a 6f 6e 65 3d 54 41 48 49 54 49 63 6d 64 3d 50 zone=TAH ITIcmd=P
1164: 15:54:42.491 1/aae62903: 192.168.190.42 0040 41 4d 3a 20 41 75 74 68 65 6e 74 69 63 61 74 69 AM: Auth enticati
1164: 15:54:42.491 1/aae62903: 192.168.190.42 0050 6f 6e 20 66 61 69 6c 65 64 20 66 72 6f 6d 20 31 on faile d from 1
1164: 15:54:42.491 1/aae62903: 192.168.190.42 0060 39 32 2e 31 36 38 2e 31 35 2e 31 31 32 0a 73 65 92.168.1 5.112.se
1164: 15:54:42.491 1/aae62903: 192.168.190.42 0070 72 76 69 63 65 3d 6e 6f 6e 65 rvice=no ne
1164: 15:54:42.491 1/aae62903: 192.168.190.42 ACCT, priv_lvl=0 flags=0x4
1164: 15:54:42.491 1/aae62903: 192.168.190.42 authen_type=ascii (1)
1164: 15:54:42.491 1/aae62903: 192.168.190.42 authen_method=tacacs+ (6)
1164: 15:54:42.491 1/aae62903: 192.168.190.42 service=unknown (0)
1164: 15:54:42.491 1/aae62903: 192.168.190.42 user_len=0 port_len=1 rem_addr_len=0 arg_cnt=5
1164: 15:54:42.491 1/aae62903: 192.168.190.42 user (len: 0):
1164: 15:54:42.491 1/aae62903: 192.168.190.42 port (len: 1): 0
1164: 15:54:42.491 1/aae62903: 192.168.190.42 rem_addr (len: 0):
1164: 15:54:42.491 1/aae62903: 192.168.190.42 arg[0] (len: 8): task_id=
1164: 15:54:42.491 1/aae62903: 192.168.190.42 arg[1] (len: 21): start_time=1711072351
1164: 15:54:42.491 1/aae62903: 192.168.190.42 arg[2] (len: 15): timezone=TAHITI
1164: 15:54:42.491 1/aae62903: 192.168.190.42 arg[3] (len: 51): cmd=PAM: Authentication failed from 192.168.15.112\n
1164: 15:54:42.491 1/aae62903: 192.168.190.42 arg[4] (len: 12): service=none
1164: 15:54:42.491 1/aae62903: 192.168.190.42 ---<end packet>---
1164: 15:54:42.491 1/aae62903: 192.168.190.42 Start accounting request
1164: 15:54:42.491 1/aae62903: 192.168.190.42 Writing ACCT size=17
1164: 15:54:42.491 1/aae62903: 192.168.190.42 ---<start packet>---
1164: 15:54:42.491 1/aae62903: 192.168.190.42 key used: 123
1164: 15:54:42.491 1/aae62903: 192.168.190.42 version: 192, type: 3, seq no: 2, flags: unencrypted
1164: 15:54:42.491 1/aae62903: 192.168.190.42 session id: 0329e6aa, data length: 5
1164: 15:54:42.491 1/aae62903: 192.168.190.42 packet body (len: 5): \000\000\000\000\001
1164: 15:54:42.491 1/aae62903: 192.168.190.42 0000 00 00 00 00 01 .....
1164: 15:54:42.491 1/aae62903: 192.168.190.42 ACCT/REPLY, status=1, msg_len=0, data_len=0
1164: 15:54:42.491 1/aae62903: 192.168.190.42 msg (len: 0):
1164: 15:54:42.491 1/aae62903: 192.168.190.42 data (len: 0):
1164: 15:54:42.491 1/aae62903: 192.168.190.42 ---<end packet>---
strikerx22
Mar 26, 2024, 12:11:35 PMMar 26
to Event-Driven Servers
I noticed this as well in our environment and, unfortunately, I think it's just a shortcoming with the NX-OS platform. I don't have any IOS-XR to test or I would. NX-OS only supports motd and exec banners and doesn't appear to honor the banners provided by TACACS. I have both welcome and motd banners sent via TACACS and NX-OS is not displaying either.
If anyone has or finds a workaround, I'd love to hear it, but a quick Google search suggests this is just the way Cisco chooses to be :/
Kindest Regards,
Ryan N. Davis
Reply all
Reply to author
Forward
0 new messages