Cisco asking for username when going to enable

Unanswered Question
Nov 15th, 2008
User Badges:

Is this a bug? It's affecting our monitoring system and ciscoworks.



ny60wa06zdr01#show module

Mod Ports Card Type Model Serial No.

--- ----- -------------------------------------- ------------------ -----------

2 8 CEF720 8 port 10GE with DFC WS-X6708-10GE SAL1231ZCCZ

3 16 SFM-capable 16 port 1000mb GBIC WS-X6516A-GBIC SAL083430ES

4 16 SFM-capable 16 port 1000mb GBIC WS-X6516A-GBIC SAL0722EFCG

5 5 Supervisor Engine 720 10GE (Active) VS-S720-10G SAL1232ZS46


System image file is "sup-bootflash:s72033-ipservicesk9-mz.122-33.SXH3.bin"




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Giuseppe Larosa Sat, 11/15/2008 - 09:37
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Bedevere,

verify if the following commands are present:


aaa new-model

aaa authentication enable default radius tacacs local


(just one of the options is enough ..)


if so when you try to go in enable mode it will ask for a username password pair.


see

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_a1.html#wp1041720


Hope to help

Giuseppe


bedevere.curry Sat, 11/15/2008 - 10:13
User Badges:

What we have looks fine unless you see something.


ny60wa06zdr01#show run | inc aaa

aaa new-model

aaa authentication login default group tacacs+ enable

aaa authentication login console group tacacs+ enable

aaa authentication login async none

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization exec console none

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 1 console none

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa authorization commands 15 console none

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa session-id common

ny60wa06zdr01#

Giuseppe Larosa Sat, 11/15/2008 - 10:20
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Bedevere,


>> aaa authentication enable default group tacacs+ enable


this means the tacacs server(s) are used when you go in enable.

Verify if the user associated to the management SW has privilege less then 15

if so to go in enable a new authentication with tacacs is needed.


to check level use

sh privilege


enter with the same account used by ciscoworks


Hope to help

Giuseppe



bedevere.curry Sat, 11/15/2008 - 10:45
User Badges:

Not sure what you are asking. I do want to mention, its only happening to this device and it was upgraded to s72033-ipservicesk9-mz.122-33.SXH3.bin

bedevere.curry Sat, 11/15/2008 - 12:40
User Badges:

This issue is a known bug. Cisco recommended to upgrade to none bug ios

Giuseppe Larosa Sat, 11/15/2008 - 13:42
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Bedevere,

good news that you found the reason for the problem.



Best Regards

Giuseppe

John Patrick Lopez Mon, 12/15/2008 - 03:43
User Badges:

Hi,


Do you have a bug ID for this one? I'm experiencing this one with our Sup32. The IOS is s3223-ipservicesk9_wan-mz.122-33.SXH3a.bin.


Thanks,

John

Actions

This Discussion