01-05-2014 11:09 AM
Hi All,
I have a Cisco 2970. I have set it up so that I can log in to the switch with SSH and the connection is allowed. The error or issue I am having is that I cannot run enable. When I try to run Enable, I get the following result:
C2970>enable
% Error in authentication.
It also doesn't prompt me for the password, which is odd because I have it set for that user and for enable, or I think I did it correctly. Any ideas on what I might have missed?
Thank you!
01-05-2014 11:25 AM
This duplicates a question you asked on the LAN forum
https://supportforums.cisco.com/message/4129402#4129402
In which place would you prefer to continue the discussion?
HTH
Rick
01-05-2014 12:15 PM
Hi Richard, here would be best, so it is a separate question and not embedded in another question, so if someone else has it they might find it easier here.
Here is the AAA information on the 2970 Switch:
C2970#sh aaa servers
C2970#
C2970#sh aaa method-lists authentication
authen queue=AAA_ML_AUTHEN_LOGIN
authen queue=AAA_ML_AUTHEN_ENABLE
authen queue=AAA_ML_AUTHEN_PPP
authen queue=AAA_ML_AUTHEN_SGBP
authen queue=AAA_ML_AUTHEN_ARAP
authen queue=AAA_ML_AUTHEN_DOT1X
authen queue=AAA_ML_AUTHEN_8021X
authen queue=AAA_ML_AUTHEN_EAPOUDP
authen queue=AAA_ML_AUTHEN_DOT1X
permanent lists
name=Permanent Enable None valid=1 id=0 state=ALIVE : ENABLE NONE
name=Permanent Enable valid=1 id=0 state=ALIVE : ENABLE
name=Permanent None valid=1 id=0 state=ALIVE : NONE
name=Permanent Local valid=1 id=0 state=ALIVE : LOCAL
name=Permanent rcmd valid=1 id=0 state=ALIVE : RCMD
C2970#sh aaa user all
--------------------------------------------------
Unique id 2 is currently in use.
Accounting:
log=0x18001
Events recorded :
CALL START
INTERIM START
INTERIM STOP
update method(s) :
NONE
update interval = 0
Outstanding Stop Records : 0
Dynamic attribute list:
01E878D0 0 00000001 connect-progress(44) 4 No Progress
01E878E4 0 00000001 pre-session-time(272) 4 64055(FA37)
01E878F8 0 00000001 elapsed_time(339) 4 0(0)
01E8790C 0 00000001 pre-bytes-in(268) 4 0(0)
01E87920 0 00000001 pre-bytes-out(269) 4 0(0)
01E623E0 0 00000001 pre-paks-in(270) 4 0(0)
01E623F4 0 00000001 pre-paks-out(271) 4 0(0)
No data for type EXEC
No data for type CONN
NET: Username=(n/a)
Session Id=00000001 Unique Id=00000002
Start Sent=0 Stop Only=N
stop_has_been_sent=N
Method List=0
Attribute list:
02D2408C 0 00000001 session-id(336) 4 1(1)
--------
No data for type CMD
No data for type SYSTEM
No data for type RM CALL
No data for type RM VPDN
No data for type AUTH PROXY
No data for type 8
No data for type IPSEC-TUNNEL
No data for type RESOURCE
No data for type 11
No data for type 12
No data for type CALL
No data for type VPDN-TUNNEL
No data for type VPDN-TUNNEL-LINK
Debg: No data available
Radi: No data available
Interface:
TTY Num = 0
Stop Received = 0
Byte/Packet Counts till Call Start:
Start Bytes In = 0 Start Bytes Out = 0
Start Paks In = 0 Start Paks Out = 0
Byte/Packet Counts till Service Up:
Pre Bytes In = 0 Pre Bytes Out = 0
Pre Paks In = 0 Pre Paks Out = 0
Cumulative Byte/Packet Counts :
Bytes In = 0 Bytes Out = 0
Paks In = 0 Paks Out = 0
StartTime = 21:09:48 MST Feb 28 1993
Component = EXEC
Authen: service=LOGIN type=ASCII method=NONE
Kerb: No data available
Meth: No data available
PreA: No data available
General:
Unique Id = 00000002
Session Id = 00000001
Attribute List:
02D2408C 0 00000009 interface(170) 4 tty0
02D240A0 0 00000001 port-type(174) 4 Async
02D240B4 0 00000009 clid(37) 5 async
PerU: No data available
--------------------------------------------------
Unique id 8 is currently in use.
Accounting:
log=0x18001
Events recorded :
CALL START
INTERIM START
INTERIM STOP
update method(s) :
NONE
update interval = 0
Outstanding Stop Records : 0
Dynamic attribute list:
02D2408C 0 00000001 connect-progress(44) 4 No Progress
02D240A0 0 00000001 pre-session-time(272) 4 3845(F05)
02D240B4 0 00000001 elapsed_time(339) 4 0(0)
02D240C8 0 00000001 pre-bytes-in(268) 4 0(0)
02D240DC 0 00000001 pre-bytes-out(269) 4 0(0)
02A98C50 0 00000001 pre-paks-in(270) 4 0(0)
02A98C64 0 00000001 pre-paks-out(271) 4 0(0)
No data for type EXEC
No data for type CONN
NET: Username=(n/a)
Session Id=00000007 Unique Id=00000008
Start Sent=0 Stop Only=N
stop_has_been_sent=N
Method List=0
Attribute list:
01E878D0 0 00000001 session-id(336) 4 7(7)
--------
No data for type CMD
No data for type SYSTEM
No data for type RM CALL
No data for type RM VPDN
No data for type AUTH PROXY
No data for type 8
No data for type IPSEC-TUNNEL
No data for type RESOURCE
No data for type 11
No data for type 12
No data for type CALL
No data for type VPDN-TUNNEL
No data for type VPDN-TUNNEL-LINK
Debg: No data available
Radi: No data available
Interface:
TTY Num = 1
Stop Received = 0
Byte/Packet Counts till Call Start:
Start Bytes In = 0 Start Bytes Out = 0
Start Paks In = 0 Start Paks Out = 0
Byte/Packet Counts till Service Up:
Pre Bytes In = 0 Pre Bytes Out = 0
Pre Paks In = 0 Pre Paks Out = 0
Cumulative Byte/Packet Counts :
Bytes In = 0 Bytes Out = 0
Paks In = 0 Paks Out = 0
StartTime = 13:53:24 MST Mar 1 1993
Component = EXEC
Authen: service=LOGIN type=ASCII method=LOCAL
Kerb: No data available
Meth: No data available
PreA: No data available
General:
Unique Id = 00000008
Session Id = 00000007
Attribute List:
01E878D0 0 00000009 interface(170) 4 tty1
01E878E4 0 00000001 port-type(174) 4 Virtual Terminal
01E878F8 0 00000009 clid(37) 12 192.168.1.63
PerU: No data available
01-05-2014 12:56 PM
I agree with your logic and the benefit from making this a separate question. Thank you for the information. But in this format it is not very useful. Would you do show run | include aaa and post the output?
HTH
Rick
01-05-2014 01:09 PM
Sorry, here it is:
C2970#show run | include aaa
aaa new-model
aaa session-id common
01-05-2014 01:14 PM
Thanks. This is much more useful. For the next step I would ask that you do show run | inc enable and post the output.
HTH
Rick
01-05-2014 01:17 PM
C2970#show run | inc enable
C2970#
Nothing, no results, is that something?
01-05-2014 03:14 PM
Thanks for the additional information. Yes I do believe that this is something significant. It indicates that there is not an enable password (or enable secret) configured. That is consistent with the error being generated and that it does not prompt for a password.
If you are on the console it does not matter if there is no enable password/secret and you get into privilege mode. But where you are accessing via SSH (or via Telnet) there must be a password protecting privilege mode. So what is happening is that you do SSH and get to user mode. Then you attempt to do enable to get to privilege mode. But IOS realizes that there is no password configured and that means that you would not be able to get to privilege mode. So it does not prompt for any password and immediately indicates that an authentication error has occurred.
Try configuring enable secret
HTH
Rick
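An added example, not part of the thread and not Cisco tooling: a Python check over a saved running-config that reports the condition diagnosed above (no enable secret or enable password protecting level 15). It goes slightly beyond the thread by also flagging an `enable password`-only setup and a `none` enable method. The sample configs, credential strings and finding names are constructed for illustration.

```python
import re

# Constructed sample resembling the thread: AAA on, no enable secret/password.
SAMPLE_THREAD = """\
hostname C2970
aaa new-model
aaa session-id common
line vty 0 4
 transport input ssh
"""

# Constructed sample: a level-5 secret plus only 'enable password' for level 15.
SAMPLE_WEAK = """\
hostname C2970
aaa new-model
enable secret level 5 5 $1$EXAMPLE$constructedhashvalue000
enable password 7 000000000000
line vty 0 4
"""

ENABLE_RE = re.compile(r"^enable (secret|password)(?: level (\d+))?\s+\S")
METHOD_RE = re.compile(r"^aaa authentication enable default\s+(.+)$")

def audit_enable(running_config):
    """Return finding codes describing how level-15 enable is protected."""
    kinds, methods = set(), None
    for raw in running_config.splitlines():
        line = raw.strip()
        m = ENABLE_RE.match(line)
        if m and int(m.group(2) or 15) == 15:  # no 'level' keyword means level 15
            kinds.add(m.group(1))
        m = METHOD_RE.match(line)
        if m:
            methods = m.group(1).split()
    findings = []
    # With no enable method list, or one that includes 'enable', the locally
    # configured enable secret/password is what the user is checked against.
    uses_local = methods is None or "enable" in methods
    if not kinds and uses_local:
        # The case in the thread: nothing to check against, so a vty session
        # gets an authentication error without ever being prompted.
        findings.append("NO_ENABLE_CREDENTIAL")
    if kinds == {"password"}:
        # 'enable password' is stored in clear text or reversible type 7.
        findings.append("ENABLE_PASSWORD_ONLY")
    if methods and "none" in methods:
        findings.append("ENABLE_METHOD_NONE")  # enable may succeed unauthenticated
    return findings
```

Feed it the text of `show running-config`; an empty list means level 15 has a hashed secret or a server-based method and none of the three conditions applies.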
01-05-2014 03:58 PM
All this time I thought I had the enable secret set!
Thanks!
01-05-2014 05:45 PM
I am glad that you have solved this problem and that my suggestions were helpful. Thank you for using the rating system to mark this question as answered.
HTH
Rick