3750 Stack Problem

Unanswered Question
May 14th, 2008
User Badges:

Hello,


I have inherited a problem with a stack of 4x 3750 switches. There is a TACACS configuration error on the stack that means I am unauthorized to configure any changes. Each switch has one interface connecting to the management network, but these interfaces are all down due to err-disable (channel-misconfig). If these connections were restored the TACACS server would be reachable and then I could configure the necessary changes.


Currently all switches are configured with a priority of 1 and Switch 2 in the stack is currently the master.


I am unable to sh/no sh the interfaces due to the TACACS problem. Is there any other way to clear the err-disable state?


Thanks

Steve

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
stevenmcnamara Wed, 05/14/2008 - 05:18
User Badges:

Hi,


To be honest I'm not sure as I haven't seen the config... inherited problem :-( But, at the moment the TACACS server is not reachable, so it is defaulting to the local enable password. When I try to enter "conf t" etc, I receive an authorization failed error, so I'm assuming the AAA authorization is misconfigured.


If I was able to bring any of the 4 management connections back up it would restore access to the TACACS server - and therefore I can login with TACACS account... and fix the config. I can't get these back up and running because all 4 connections are in "err-disable" state. So I need to know if there is a way to bring these interfaces back up without being able to shut/no shut? I've checked the errdisable recovery and it's disabled for channel-misconfig....


As this is on a live production stack, I don't want to go through the password recovery path. The other alternative I see is to reload one of the Stack members, which would clear the management interface and bring up access to the TACACS server.


The only concern I have with this is - all the switches are Stack priority of 1 (Switch 2 is the master at the moment). When I reload physically powercycle Switch 1 will this then cause a Master re-election on boot up and then cause all other switches to reload? I think usually this would only happen if the Stack master with higher priority is reloaded, but I'm not 100%. Does anyone know the circumstances for this happening?


Thanks in advance

Steve

paul.matthews Wed, 05/14/2008 - 05:39
User Badges:
  • Silver, 250 points or more

You are going to at least need to reload - that alone may clear the err-disable state, and get you access, but I cannot make any guarantee.


If you need to reload anyway, you may as well go the sure-fire route and go though password recovery to get in.


Paul.

stevenmcnamara Wed, 05/14/2008 - 05:48
User Badges:

Thanks Paul


The reload should work, there was an error in the etherchannels between the Stack and the Management switches. When this was fixed the interfaces went to err-disabled, so the etherchannels should work once they are cleared.


At the moment Switch 1 has no connections apart from the Management interface, so I'll try the reload on it.


As I said before the only concern I have with this is whether or not this will cause the other devices to reload also?


Thanks

paul.matthews Wed, 05/14/2008 - 05:53
User Badges:
  • Silver, 250 points or more

It should not cause the other switches in the stack to reload, but I have a niggle that as as they do quite a bit of state sharing between the switches in a stack (FIB tables etc) the stau *MAY* survive the power cycle of a single switch in the stack. If that's the only connection on that particular switch, it should not affect anything else so is worth a quick try on its own.

stevenmcnamara Wed, 05/14/2008 - 05:59
User Badges:

Thanks Paul. I agree, I'm haven't come across this before, I think I'll push back on a quick fix and get the topology labbed up first.


Cheers

Actions

This Discussion