02-23-2010 08:29 AM - edited 03-06-2019 09:51 AM
I upgraded a series of 3560s and 4506s to version 12.2(53)SE and 12.2(53)SG1, respectively. Before the upgrade, I would login to the switches using an SSH client. I'd enter a user id and password for the initial connection and then if I wanted to get into enable mode, I had to enter a separate password. Now, after the upgrade, on the 3560s, I am automatically placed into enable mode after entering the initial userid/password sequence. There's no need to enter a separate enable password. On the 4506s, the functionality is the same as before the upgrade. Any ideas on what happened and how I might be able to get the 3560s back to the original behavior?
03-01-2010 01:41 PM
Hello Sdavids5670,
Without seeing your configuration and maybe the output of appropriate debug commands, it is difficult to say what has changed.
It should be more related to AAA commands rather than the use of SSH instead of telnet.
Skip usernames and passwords, change your public IP addresses if any on devices, and post the configuration.
Probably a default AAA command was changed and it is causing this behavior.
Hope to help
Giuseppe
03-01-2010 10:45 PM
Hi,
It can be a problem with the AAA configuration in your switches for enable mode authentication. Just check out the sample configuration below, which will also go for enable-level password authentication with a TACACS server configured for authentication.
aaa new-model
aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable
Hope to Help !!
If helpful do rate the post
Ganesh.H
03-03-2010 07:06 AM
Thanks for the help. There were two approaches to returning the behavior back to what it was before the upgrade. I either a) needed to add 'aaa new-model' to the configuration or b) I needed to remove the 'password' command from the 'line vty' section. Either one worked.
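An added example, not part of any post in this thread: a small Python check that reads a saved running-config and reports the settings the thread points at (`aaa new-model`, the `aaa authentication enable` method list, and `password`/`login` under `line vty`). The `privilege level` and `username ... privilege 15` checks go beyond what the thread mentions; the sample config and the `audit` function name are constructed for illustration.

```python
import re

# Constructed sample running-config fragment (not taken from the thread).
SAMPLE_CONFIG = """\
hostname sw-example
username admin privilege 15 secret 5 $1$constructed$placeholder
!
line vty 0 4
 password 7 0000000000
 login local
 transport input ssh
line vty 5 15
 privilege level 15
 login
!
end
"""

def audit(config):
    """Summarise AAA and vty settings that decide whether a login needs 'enable'."""
    report = {"aaa_new_model": False, "enable_methods": None, "priv15_users": [], "vty": {}}
    current = None  # the 'line vty' block currently being read, if any
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):  # any top-level command closes the open block
            current = None
            if line == "aaa new-model":
                report["aaa_new_model"] = True
            elif (m := re.match(r"aaa authentication enable default (.+)", line)):
                report["enable_methods"] = m.group(1).split()
            elif (m := re.match(r"username (\S+) privilege 15\b", line)):
                report["priv15_users"].append(m.group(1))
            elif re.match(r"line vty \d+( \d+)?$", line):
                current = line
                report["vty"][current] = {"password": False, "login": None, "privilege": 1}
            continue
        if current is None:
            continue  # indented line under a block we do not track
        sub, block = line.strip(), report["vty"][current]
        if sub.startswith("password "):
            block["password"] = True
        elif sub == "login" or sub.startswith("login "):
            block["login"] = sub
        elif (m := re.match(r"privilege level (\d+)$", sub)):
            block["privilege"] = int(m.group(1))  # IOS default for a line is 1
    return report
```

Running `audit()` on the saved configuration from before and after an upgrade and comparing the two reports shows which of these settings changed.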