11-15-2008 09:28 AM - edited 03-04-2019 12:20 AM
Is this a bug? It's affecting our monitoring system and ciscoworks.
ny60wa06zdr01#show module
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
2 8 CEF720 8 port 10GE with DFC WS-X6708-10GE SAL1231ZCCZ
3 16 SFM-capable 16 port 1000mb GBIC WS-X6516A-GBIC SAL083430ES
4 16 SFM-capable 16 port 1000mb GBIC WS-X6516A-GBIC SAL0722EFCG
5 5 Supervisor Engine 720 10GE (Active) VS-S720-10G SAL1232ZS46
System image file is "sup-bootflash:s72033-ipservicesk9-mz.122-33.SXH3.bin"
11-15-2008 09:37 AM
Hello Bedevere,
verify if the following commands are present:
aaa new-model
aaa authentication enable default radius tacacs local
(just one of the options is enough ..)
if so when you try to go in enable mode it will ask for a username password pair.
see
http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_a1.html#wp1041720
Hope to help
Giuseppe
11-15-2008 10:13 AM
What we have looks fine unless you see something.
ny60wa06zdr01#show run | inc aaa
aaa new-model
aaa authentication login default group tacacs+ enable
aaa authentication login console group tacacs+ enable
aaa authentication login async none
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization exec console none
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 1 console none
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization commands 15 console none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
ny60wa06zdr01#
11-15-2008 10:20 AM
Hello Bedevere,
>> aaa authentication enable default group tacacs+ enable
this means the tacacs server(s) are used when you go in enable.
Verify if the user associated to the management SW has privilege less then 15
if so to go in enable a new authentication with tacacs is needed.
to check level use
sh privilege
enter with the same account used by ciscoworks
Hope to help
Giuseppe
11-15-2008 10:45 AM
Not sure what you are asking. I do want to mention, its only happening to this device and it was upgraded to s72033-ipservicesk9-mz.122-33.SXH3.bin
11-15-2008 12:40 PM
This issue is a known bug. Cisco recommended to upgrade to none bug ios
11-15-2008 01:42 PM
Hello Bedevere,
good news that you found the reason for the problem.
Best Regards
Giuseppe
12-15-2008 03:43 AM
Hi,
Do you have a bug ID for this one? I'm experiencing this one with our Sup32. The IOS is s3223-ipservicesk9_wan-mz.122-33.SXH3a.bin.
Thanks,
John
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: