Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
631
Views
5
Helpful
7
Replies

Cisco asking for username when going to enable

bedevere.curry
Level 1
Level 1

‎11-15-2008 09:28 AM - edited ‎03-04-2019 12:20 AM

Is this a bug? It's affecting our monitoring system and ciscoworks.

ny60wa06zdr01#show module

Mod Ports Card Type Model Serial No.

--- ----- -------------------------------------- ------------------ -----------

2 8 CEF720 8 port 10GE with DFC WS-X6708-10GE SAL1231ZCCZ

3 16 SFM-capable 16 port 1000mb GBIC WS-X6516A-GBIC SAL083430ES

4 16 SFM-capable 16 port 1000mb GBIC WS-X6516A-GBIC SAL0722EFCG

5 5 Supervisor Engine 720 10GE (Active) VS-S720-10G SAL1232ZS46

System image file is "sup-bootflash:s72033-ipservicesk9-mz.122-33.SXH3.bin"

Labels:
0 Helpful
7 Replies 7

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎11-15-2008 09:37 AM

Hello Bedevere,

verify if the following commands are present:

aaa new-model

aaa authentication enable default radius tacacs local

(just one of the options is enough ..)

if so when you try to go in enable mode it will ask for a username password pair.

see

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_a1.html#wp1041720

Hope to help

Giuseppe

0 Helpful

bedevere.curry
Level 1
Level 1
In response to Giuseppe Larosa

‎11-15-2008 10:13 AM

What we have looks fine unless you see something.

ny60wa06zdr01#show run | inc aaa

aaa new-model

aaa authentication login default group tacacs+ enable

aaa authentication login console group tacacs+ enable

aaa authentication login async none

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization exec console none

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 1 console none

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa authorization commands 15 console none

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa session-id common

ny60wa06zdr01#

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to bedevere.curry

‎11-15-2008 10:20 AM

Hello Bedevere,

>> aaa authentication enable default group tacacs+ enable

this means the tacacs server(s) are used when you go in enable.

Verify if the user associated to the management SW has privilege less then 15

if so to go in enable a new authentication with tacacs is needed.

to check level use

sh privilege

enter with the same account used by ciscoworks

Hope to help

Giuseppe

0 Helpful

bedevere.curry
Level 1
Level 1
In response to Giuseppe Larosa

‎11-15-2008 10:45 AM

Not sure what you are asking. I do want to mention, its only happening to this device and it was upgraded to s72033-ipservicesk9-mz.122-33.SXH3.bin

0 Helpful

bedevere.curry
Level 1
Level 1
In response to bedevere.curry

‎11-15-2008 12:40 PM

This issue is a known bug. Cisco recommended to upgrade to none bug ios

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to bedevere.curry

‎11-15-2008 01:42 PM

Hello Bedevere,

good news that you found the reason for the problem.

Best Regards

Giuseppe

0 Helpful

jpl861
Level 4
Level 4
In response to Giuseppe Larosa

‎12-15-2008 03:43 AM

Hi,

Do you have a bug ID for this one? I'm experiencing this one with our Sup32. The IOS is s3223-ipservicesk9_wan-mz.122-33.SXH3a.bin.

Thanks,

John

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card