Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco asking for username when going to enable

Is this a bug? It's affecting our monitoring system and ciscoworks.

ny60wa06zdr01#show module

Mod Ports Card Type Model Serial No.

--- ----- -------------------------------------- ------------------ -----------

2 8 CEF720 8 port 10GE with DFC WS-X6708-10GE SAL1231ZCCZ

3 16 SFM-capable 16 port 1000mb GBIC WS-X6516A-GBIC SAL083430ES

4 16 SFM-capable 16 port 1000mb GBIC WS-X6516A-GBIC SAL0722EFCG

5 5 Supervisor Engine 720 10GE (Active) VS-S720-10G SAL1232ZS46

System image file is "sup-bootflash:s72033-ipservicesk9-mz.122-33.SXH3.bin"

7 REPLIES
Hall of Fame Super Silver

Re: Cisco asking for username when going to enable

Hello Bedevere,

verify if the following commands are present:

aaa new-model

aaa authentication enable default radius tacacs local

(just one of the options is enough ..)

if so when you try to go in enable mode it will ask for a username password pair.

see

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_a1.html#wp1041720

Hope to help

Giuseppe

New Member

Re: Cisco asking for username when going to enable

What we have looks fine unless you see something.

ny60wa06zdr01#show run | inc aaa

aaa new-model

aaa authentication login default group tacacs+ enable

aaa authentication login console group tacacs+ enable

aaa authentication login async none

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization exec console none

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 1 console none

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa authorization commands 15 console none

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa session-id common

ny60wa06zdr01#

Hall of Fame Super Silver

Re: Cisco asking for username when going to enable

Hello Bedevere,

>> aaa authentication enable default group tacacs+ enable

this means the tacacs server(s) are used when you go in enable.

Verify if the user associated to the management SW has privilege less then 15

if so to go in enable a new authentication with tacacs is needed.

to check level use

sh privilege

enter with the same account used by ciscoworks

Hope to help

Giuseppe

New Member

Re: Cisco asking for username when going to enable

Not sure what you are asking. I do want to mention, its only happening to this device and it was upgraded to s72033-ipservicesk9-mz.122-33.SXH3.bin

New Member

Re: Cisco asking for username when going to enable

This issue is a known bug. Cisco recommended to upgrade to none bug ios

Hall of Fame Super Silver

Re: Cisco asking for username when going to enable

Hello Bedevere,

good news that you found the reason for the problem.

Best Regards

Giuseppe

Re: Cisco asking for username when going to enable

Hi,

Do you have a bug ID for this one? I'm experiencing this one with our Sup32. The IOS is s3223-ipservicesk9_wan-mz.122-33.SXH3a.bin.

Thanks,

John

269
Views
5
Helpful
7
Replies
CreatePlease login to create content