Cisco asking for username when going to enable

Unanswered Question
Nov 15th, 2008

Is this a bug? It's affecting our monitoring system and ciscoworks.



ny60wa06zdr01#show module

Mod Ports Card Type Model Serial No.

--- ----- -------------------------------------- ------------------ -----------

2 8 CEF720 8 port 10GE with DFC WS-X6708-10GE SAL1231ZCCZ

3 16 SFM-capable 16 port 1000mb GBIC WS-X6516A-GBIC SAL083430ES

4 16 SFM-capable 16 port 1000mb GBIC WS-X6516A-GBIC SAL0722EFCG

5 5 Supervisor Engine 720 10GE (Active) VS-S720-10G SAL1232ZS46


System image file is "sup-bootflash:s72033-ipservicesk9-mz.122-33.SXH3.bin"




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
bedevere.curry Sat, 11/15/2008 - 10:13

What we have looks fine unless you see something.


ny60wa06zdr01#show run | inc aaa

aaa new-model

aaa authentication login default group tacacs+ enable

aaa authentication login console group tacacs+ enable

aaa authentication login async none

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization exec console none

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 1 console none

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa authorization commands 15 console none

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa session-id common

ny60wa06zdr01#

Giuseppe Larosa Sat, 11/15/2008 - 10:20

Hello Bedevere,


>> aaa authentication enable default group tacacs+ enable


this means the tacacs server(s) are used when you go in enable.

Verify if the user associated to the management SW has privilege less then 15

if so to go in enable a new authentication with tacacs is needed.


to check level use

sh privilege


enter with the same account used by ciscoworks


Hope to help

Giuseppe



bedevere.curry Sat, 11/15/2008 - 10:45

Not sure what you are asking. I do want to mention, its only happening to this device and it was upgraded to s72033-ipservicesk9-mz.122-33.SXH3.bin

Giuseppe Larosa Sat, 11/15/2008 - 13:42

Hello Bedevere,

good news that you found the reason for the problem.



Best Regards

Giuseppe

John Patrick Lopez Mon, 12/15/2008 - 03:43

Hi,


Do you have a bug ID for this one? I'm experiencing this one with our Sup32. The IOS is s3223-ipservicesk9_wan-mz.122-33.SXH3a.bin.


Thanks,

John

Actions

This Discussion