Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4211
Views
0
Helpful
3
Replies

SG300, telnet and RADIUS authentication.

Flaming Badger
Level 1
Level 1

‎05-22-2012 01:33 PM

Hi guys,

Hopefully I'm just being dumb and there is a simple answer to this.  I have an SG300 authenticating telnet login to a RADIUS server.  It allows me to log in at Priv level 1.  when I try and enter Priv 15 mode, I'm prompted for a password which I don't appear to be able to set anywhere or know.

If I remove RADIUS and go back to Local authentication, telnet logs me in at Priv15 immediately.  Anyone got any ideas?

Cheers

IW

Labels:
0 Helpful
3 Replies 3

David Hornstein
Level 7
Level 7

‎05-22-2012 10:49 PM

Hi Iain,

You can create  a enable password into the switch via the following command in blue.

switch38cbaf#

switch38cbaf#

switch38cbaf#conf

switch38cbaf(config)#enable password level 15 xxxxxxxx  where xxxxxxxx is the password

switch38cbaf(config)#exit

switch38cbaf#wr


switch38cbaf#exit


C:\Users\testing>  telnet 192.168.10.13   (my SG300-10P)

User Name:dialin               (radius authentication passed)

Password:*********

switch38cbaf>enable

Password:xxxxxxxx


13-Nov-2011 03:43:54 %AAA-I-CONNECT: User CLI session for user unKnown over telnet , source 192.168.10.19 destination  192.168.10.13 ACCEPTED

switch38cbaf#   enable password allowed me to get full control

I have opened a case with the Small Business Support Center (SBSC) as i did notice a couple of issues.

  • There is no option within the GUI to create a enable password,  had to be done via CLI.
  • I have a issue with authentication first  trying local and then radius.

see if this helps

regards Dave

0 Helpful

Flaming Badger
Level 1
Level 1
In response to David Hornstein

‎05-23-2012 09:14 AM

Hi Dave,

I tried that yesterday and again just now (to make sure I wasn't being stupid) and it still seems to reject the password I've typed in.

When connected to CLI as a local Priv15 user:

"SG300-10(config)#enable password level 15 password"

Then flick authentication over to RADIUS.

User Name: xxxxxx  

Password:*********

SG300-10>show priv

Current privilege level is 1

SG300-10>en

Password:********

Password:*********

Password:********

authentication failed

SG300-10>

For reference:

SW version    1.1.2.0 ( date  12-Nov-2011 time  23:34:26 )

Thanks for your efforts so far.  Any further help greatly accepted.

Cheers

Iain.

0 Helpful

Flaming Badger
Level 1
Level 1
In response to Flaming Badger

‎05-23-2012 09:28 AM

OK, fixed it

From CLI as a Priv15 user,

conf t

line telnet

no enable authentication

Thanks for your help in getting this going.

Iain.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Switch products supported in this community
Cisco Business Product Family
  • CBS110
  • CBS220
  • CBS250
  • CBS350
Cisco Switching Product Family
  • 110
  • 200
  • 220
  • 250
  • 300
  • 350
  • 350X
  • 550X
Customers Also Viewed These Support Documents