Enable password not working through local logging

Unanswered Question
May 6th, 2010

Hi,

Here is problem with switch 6509, I am able to get logging through the ACS password. But when ACS is not in network i am able to get logging through local user name / password.

getting enable mode, when type the enable password switch is not taking and i am not able to get access.

Wt RO.......

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
spremkumar Thu, 05/06/2010 - 01:37

hi

Do remove this file and attach the config file. check before attaching here.

regds

Ganesh Hariharan Thu, 05/06/2010 - 01:38

Re: Enable password not working through local logging                                                                                                                                  

                                                                  

Hi,

Find the att. file for AAA.

           
        Attachments:                

It is not having the configuration of AAA,any how check out the below link for configuring the aaa on switches/routers

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080093c81.shtml

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Ganesh Hariharan Thu, 05/06/2010 - 02:04

Hi All,

Sorry i attached wrong file.

Ple find the att. AAA config file.

           
        Attachments:                

What is the error message are you getting in ACS under failed attempts logs when you try to login in to  switch.

Ganesh.H

jyotiraj_Majumd... Thu, 05/06/2010 - 02:19

Hi,

No not any error

Just not taking enable password. when i try 3 -4 times it will come out.

Regard..

Jyoti

Ganesh Hariharan Thu, 05/06/2010 - 02:34

Hi,

No not any error

Just not taking enable password. when i try 3 -4 times it will come out.

Regard..

Jyoti

Jyoti,

Are you sure you are not getting any failed attempt message in ACS  when ever you are going into enable password ,do one thing in ACS you have option under user setting --tacas+enable password --select here as Use CiscoSecure PAP password.

Hope to help !!

Ganesh.H

Ganesh Hariharan Thu, 05/06/2010 - 23:13

Hi,

No not any error

Just not taking enable password. when i try 3 -4 times it will come out.

Regard..

Jyoti

Hi Joyti,

Is local username database is created when your are trying and also can you post your config.

Just go thourgh this link also when acs goes down local database comes in picture

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080093c81.shtml#cfg_auth

Hope to Help !!

Ganesh.H

spremkumar Thu, 05/06/2010 - 02:09

hi

try this and revert.

no aaa authorization config-commands

no aaa authorization exec default group tacacs+ if-authenticated

no aaa accounting suppress null-username

no aaa accounting exec default start-stop group tacacs+

aaa authorization console

aaa authorization configuration default group tacacs+

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting commands 5 default start-stop group tacacs+

regds

Actions

This Discussion

Related Content