3750 Stack Problem

stevenmcnamara · ‎05-14-2008

Hello,

I have inherited a problem with a stack of 4x 3750 switches. There is a TACACS configuration error on the stack that means I am unauthorized to configure any changes. Each switch has one interface connecting to the management network, but these interfaces are all down due to err-disable (channel-misconfig). If these connections were restored the TACACS server would be reachable and then I could configure the necessary changes.

Currently all switches are configured with a priority of 1 and Switch 2 in the stack is currently the master.

I am unable to sh/no sh the interfaces due to the TACACS problem. Is there any other way to clear the err-disable state?

Thanks

Steve

noran01 · ‎05-14-2008

No local user account is defined on the stack? If not, I would suggest doing a password recovery procedure on the master which should enable you to create a local user account.

stevenmcnamara · ‎05-14-2008

Hi,

To be honest I'm not sure as I haven't seen the config... inherited problem :-( But, at the moment the TACACS server is not reachable, so it is defaulting to the local enable password. When I try to enter "conf t" etc, I receive an authorization failed error, so I'm assuming the AAA authorization is misconfigured.

If I was able to bring any of the 4 management connections back up it would restore access to the TACACS server - and therefore I can login with TACACS account... and fix the config. I can't get these back up and running because all 4 connections are in "err-disable" state. So I need to know if there is a way to bring these interfaces back up without being able to shut/no shut? I've checked the errdisable recovery and it's disabled for channel-misconfig....

As this is on a live production stack, I don't want to go through the password recovery path. The other alternative I see is to reload one of the Stack members, which would clear the management interface and bring up access to the TACACS server.

The only concern I have with this is - all the switches are Stack priority of 1 (Switch 2 is the master at the moment). When I reload physically powercycle Switch 1 will this then cause a Master re-election on boot up and then cause all other switches to reload? I think usually this would only happen if the Stack master with higher priority is reloaded, but I'm not 100%. Does anyone know the circumstances for this happening?

Thanks in advance

Steve

paul.matthews · ‎05-14-2008

You are going to at least need to reload - that alone may clear the err-disable state, and get you access, but I cannot make any guarantee.

If you need to reload anyway, you may as well go the sure-fire route and go though password recovery to get in.

Paul.

stevenmcnamara · ‎05-14-2008

Thanks Paul

The reload should work, there was an error in the etherchannels between the Stack and the Management switches. When this was fixed the interfaces went to err-disabled, so the etherchannels should work once they are cleared.

At the moment Switch 1 has no connections apart from the Management interface, so I'll try the reload on it.

As I said before the only concern I have with this is whether or not this will cause the other devices to reload also?

Thanks

paul.matthews · ‎05-14-2008

It should not cause the other switches in the stack to reload, but I have a niggle that as as they do quite a bit of state sharing between the switches in a stack (FIB tables etc) the stau *MAY* survive the power cycle of a single switch in the stack. If that's the only connection on that particular switch, it should not affect anything else so is worth a quick try on its own.

stevenmcnamara · ‎05-14-2008

Thanks Paul. I agree, I'm haven't come across this before, I think I'll push back on a quick fix and get the topology labbed up first.

Cheers