01-27-2008 04:53 PM - edited 03-05-2019 08:44 PM
My question is... we have this application working and everything is fine with accessing, whether online or through the console. If the switch\router is not connected to the network I can't access it through the console port. So if by chance I lose my GBICs and am off the network I can't get in to look. I set all these up years ago and never had to get in, except last week I lost a switch and had to get into a previously configured switch to make sure it was OK... any help would be great. mberenato01@yahoo.com
01-27-2008 07:26 PM
Mike
There are probably some aspects of your question that I do not understand well. It sounds as if you are describing the problem as being that if the switch is online on the network you can log in through the console or the vty with no problem, but if the switch is not online you cannot log in, not even through the console.
My guess about this problem would be that you have configured authentication via AAA to a TACACS or a RADIUS server and that there is not a backup method using local authentication. If you would post the configuration we could verify whether this is the problem and perhaps suggest an alternative that could get around this issue.
If I have misunderstood some part of your issue then perhaps you can clarify it for us.
HTH
Rick
01-28-2008 07:42 AM
Yes, sorry for the confusion, I use those methods... We do however set the console u\n and p\w, so that's why I'm confused. The issue is if the switch is unplugged from the network and sitting on my desk and I try to console in... here is the config - some u\n's etc. for security:
version 12.2
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname blahblah
!
enable secret 5 $xxxxxxxxxxxx
enable password 7 1111111111
!
username username privilege 15 password 7 1111111111
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
!
aaa session-id common
clock timezone EST -5
clock summer-time EST recurring
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
******the ethernet switch ports goes here
!
interface Vlan1
ip address x.x.x.x x.x.x.x
no ip route-cache
!
ip default-gateway x.x.x.x
ip classless
no ip http server
!
tacacs-server host x.x.x.x key 7 1111111111111
tacacs-server directed-request
tacacs-server key 7 11111111111111111
radius-server source-ports 1645-1646
!
control-plane
!
banner motd ^CCCC
***************************************************************************
WARNING: ***************************************************************************
^C
!
line con 0
exec-timeout 30 0
password 7 111111111
stopbits 1
line vty 0 4
exec-timeout 30 0
password 7 11111111
line vty 5 15
exec-timeout 30 0
password 7 111111111
!
ntp clock-period 36029202
ntp server x.x.x.x prefer
ntp server x.x.x.x
end
01-28-2008 09:15 AM
Mike
Thanks for posting the additional information. It does show that you are authenticating both console and vty with TACACS. And it does show a backup method is configured (local). The local authentication as a backup will use a locally configured username and password to authenticate. When the device is offline and you attempt to login, are you getting a prompt for username and a prompt for password? Are you trying to login with the username that is configured - and with the password that is configured for that username? Are you confident that you have the correct password for that username?
I have a couple of suggestions for things to try:
- configure a new (different) username that has a very simple name and simple password. Then take the device offline and try to log in with the new username and password.
- login while it is online, run debug aaa authentication, disconnect from the network, try to login while offline (which should fail) and look to the debug output for indications of what is happening.
HTH
Rick
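The fallback check discussed in this reply, written out as an added example (not code from the thread or from any poster): a small Python audit that reads an IOS-style config and reports why a login could fail when TACACS+ is unreachable. The function name audit_offline_login and the sample config, including the VTY list name, are constructed for illustration.

```python
import re

# Constructed sample modelled on the config posted above; all values are placeholders.
SAMPLE_CONFIG = """\
username admin privilege 15 password 7 1111111111
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
line con 0
 exec-timeout 30 0
 password 7 111111111
line vty 0 4
 login authentication VTY
"""

def audit_offline_login(config):
    """Return findings that could block login when the TACACS+ server is unreachable."""
    lines = [l.rstrip() for l in config.splitlines()]
    if "aaa new-model" not in lines:
        return ["aaa new-model not enabled; AAA method lists are not in use"]
    users = [m.group(1) for l in lines if (m := re.match(r"username (\S+) ", l))]
    # Map each login method list name to its ordered methods.
    lists = {}
    for l in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)", l)
        if m:
            lists[m.group(1)] = m.group(2).split()
    # A line uses the 'default' list unless 'login authentication <name>' overrides it.
    current, used = None, {}
    for l in lines:
        if l.startswith("line "):
            current = l
            used[current] = "default"
        elif current and (m := re.match(r"\s*login authentication (\S+)", l)):
            used[current] = m.group(1)
    findings = []
    for line, name in used.items():
        methods = lists.get(name)
        if methods is None:
            findings.append(f"{line}: method list '{name}' is not defined")
        elif not {"local", "local-case"} & set(methods):
            findings.append(f"{line}: list '{name}' has no local fallback ({' '.join(methods)})")
        elif not users:
            findings.append(f"{line}: list '{name}' falls back to local but no username is configured")
    return findings

if __name__ == "__main__":
    for finding in audit_offline_login(SAMPLE_CONFIG):
        print(finding)
```

The audit only confirms that a local fallback and a local username exist; it cannot tell whether the stored password matches the one you expect, so an offline login test with a known account is still needed.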
01-28-2008 12:38 PM
I guess really the problem was... when setting up the switch, to ease configuration you do the copy and paste. Well, if you copy an encrypted password it appears it gets messed up or double encrypted, I guess... I dunno. But thanks for the info, creating another user account worked once I got it back so I could console in.
01-28-2008 09:01 PM
Mike
I am glad that my answers were able to help you find a solution for your problem. When I looked at your configs and did not see any issue with them it was logical to wonder if the problem were in the configuration of the user IDs and passwords.
HTH
Rick
01-29-2008 07:45 AM
Thanks again!