
Change in behavior of ssh session after IOS upgrade

sdavids5670
Level 2

I upgraded a series of 3560s and 4506s to version 12.2(53)SE and 12.2(53)SG1, respectively.  Before the upgrade, I would login to the switches using an SSH client.  I'd enter a user id and password for the initial connection and then if I wanted to get into enable mode, I had to enter a separate password.  Now, after the upgrade, on the 3560s, I am automatically placed into enable mode after entering the initial userid/password sequence.  There's no need to enter a separate enable password.  On the 4506s, the functionality is the same as before the upgrade.  Any ideas on what happened and how I might be able to get the 3560s back to the original behavior?

2 Accepted Solutions

Giuseppe Larosa
Hall of Fame

Hello Sdavids5670,

Without seeing your configuration, and maybe the output of appropriate debug commands, it is difficult to say what has changed.

It should be more related to AAA commands rather than the use of SSH instead of telnet.

Skip username and passwords, change your public IP addresses, if any, on devices, and post the configuration.

Probably a default AAA command was changed and it is causing this behavior.

Hope to help

Giuseppe


Ganesh Hariharan
VIP Alumni
I upgraded a series of 3560s and 4506s to version 12.2(53)SE and
12.2(53)SG1, respectively.  Before the upgrade, I would login to the
switches using an SSH client.  I'd enter a user id and password for the
initial connection and then if I wanted to get into enable mode, I had
to enter a separate password.  Now, after the upgrade, on the 3560s, I
am automatically placed into enable mode after entering the initial
userid/password sequence.  There's no need to enter a separate enable
password.  On the 4506s, the functionality is the same as before the
upgrade.  Any ideas on what happened and how I might be able to get the
3560s back to the original behavior?

Hi,

It can be a problem with the AAA configuration on your switches for enable mode authentication. Just check out the sample configuration below, which will also go for enable-level password authentication with a TACACS server configured for authentication.

aaa new-model
aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable

Hope to Help !!

If helpful do rate the post

Ganesh.H



Thanks for the help.  There were two approaches to returning the behavior back to what it was before the upgrade.  I either a) needed to add 'aaa new-model' to the configuration or b) I needed to remove the 'password' command from the 'line vty' section.  Either one worked.
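
An added example, not part of the original thread and not Cisco tooling: a small Python check that reads saved running-config text and flags the combination the two fixes above point to (no 'aaa new-model' together with a 'password' under 'line vty'), so the same state can be found on other switches after an upgrade. The sample configs, hostnames and the audit() function name are constructed for illustration.

```python
import re

# Constructed running-config fragments for illustration (not from the thread).
SAMPLE_NO_AAA = """\
hostname sw-a
!
line con 0
line vty 0 4
 password 7 REDACTED
 transport input ssh
line vty 5 15
 transport input ssh
!
end
"""
SAMPLE_AAA = """\
hostname sw-b
!
aaa new-model
aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable
!
line vty 0 4
 password 7 REDACTED
!
end
"""

def audit(config):
    """Report the settings the thread's two fixes touch."""
    aaa, enable_methods, vty_pw, section = False, None, [], ""
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if not line[0].isspace():  # unindented line opens a new section
            section = line
            aaa = aaa or line == "aaa new-model"
            m = re.match(r"aaa authentication enable default (.+)", line)
            if m:
                enable_methods = m.group(1)
        elif section.startswith("line vty") and re.match(r"password\b", line.strip()):
            vty_pw.append(section)
    return {"aaa_new_model": aaa, "enable_methods": enable_methods,
            "vty_with_password": vty_pw,
            # Combination implied by the poster's two fixes: no AAA, vty password set.
            "review": not aaa and bool(vty_pw)}

if __name__ == "__main__":
    for name, cfg in (("sw-a", SAMPLE_NO_AAA), ("sw-b", SAMPLE_AAA)):
        print(name, audit(cfg))
```

A result with "review" set to True only means the config matches the state described in this thread; confirm the actual login behavior on the device before and after changing it.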
