cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
416
Views
0
Helpful
4
Replies
Highlighted
Beginner

cisco 3850 console continues to ask for "password" at boot

Hello, we have a 385024TS on our network using ACS and ISE. 

Edges authenticate through ISE and administrator users authenticate through ACS right now.

We attempted to access the 3850 from the CLI while the switch was connected to the network/AAA server.

At the console prompt at login we were greated with "password".

Not "username" as we expected to see.

We disconnected and reloaded the switch so it should not be looking for the AAA server or the ISE server; however, we got the same request for "password".

Each time we entered our enable password or the secret password but no luck.

Since it's not asking for a user name we suspect it's asking for the local admin password configured on the switch.

Has anyone run into this issue before?

I have but usually after disconnecting from the network I regain control and I am asked for username/password.

 

ej

Everyone's tags (5)
4 REPLIES 4
Collaborator

Re: cisco 3850 console continues to ask for "password" at boot

Hi,

What is the aaa configuration of line console 0?

 

Thanks

John

**Please rate posts you find helpful**
Beginner

Re: cisco 3850 console continues to ask for "password" at boot

the vty lines aren't added but have password configurations.

the console doesn't

 

Line con 0
no access-class (std acl number) in
exec-timeout 9 0
privilege level 0
logging synchronous
login authentication default
!

Collaborator

Re: cisco 3850 console continues to ask for "password" at boot

Hi,

What is the aaa configuration? i.e.

 

aaa authentication login XXX

aaa authentication enable XXX

 

Thanks

John

**Please rate posts you find helpful**
Beginner

Re: cisco 3850 console continues to ask for "password" at boot

We recently deployed dot1x on all our switches; however, this issue has occurred in the past on random switches.

It has affected 3750X's as well as 3850's.

 

aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authentication dot1x default group <ISE cfg>
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ local if-authenticated
aaa authorization commands 1 default group tacacs+ local if-authenticated
aaa authorization commands 15 default group tacacs+ local if-authenticated
aaa authorization network default group < ISE cfg>
aaa accounting update newinfo periodic <value>
aaa accounting dot1x default start-stop group <ISE cfg>
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards