Enable authentication doesn't work after upgrading to

Unanswered Question
Nov 5th, 2008

I have 2 firewalls that were upgraded from to due to a DNS vulnerability. After I upgraded it, I can log in using SSH, but when I issue enable, it requests the password and just hangs there. Some time later it requests the password again, and if I check the logs it just says: aaa server host machine not responding.

However, if I turn on telnet, enable authentication works, and the other 10 firewalls in the code work just fine with the same TACACS server.

Please help

Fernando_Meza Wed, 11/05/2008 - 20:48


I suggest you check the logs on the TACACS server when trying to authenticate using SSH. Also, please post the output of:

show run | inc aaa

rgolcher Fri, 11/14/2008 - 15:24

There are no logs at the ACS when I issue the enable command and type the password, just the firewall log saying that AAA SERVER is not reachable. Here is the sh run | in aaa:

aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa-server APIX02 protocol tacacs+
aaa-server APIX02 max-failed-attempts 3
aaa-server APIX02 deadtime 10
aaa-server APIX02 (inside) host 10.X.X.X ZAQ12wsxkdC timeout 5
aaa authentication telnet console APIX02
aaa authentication enable console APIX02
aaa authentication ssh console APIX02
aaa authentication http console APIX02

But using telnet it gets the same message the other 8 firewalls that are using SSH.
