Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1198
Views
0
Helpful
4
Replies

cisco 3850 console continues to ask for "password" at boot

Eric R. Jones
Level 4
Level 4

‎10-21-2018 07:34 PM - edited ‎03-01-2019 08:50 AM

Hello, we have a 385024TS on our network using ACS and ISE. 

Edges authenticate through ISE and administrator users authenticate through ACS right now.

We attempted to access the 3850 from the CLI while the switch was connected to the network/AAA server.

At the console prompt at login we were greated with "password".

Not "username" as we expected to see.

We disconnected and reloaded the switch so it should not be looking for the AAA server or the ISE server; however, we got the same request for "password".

Each time we entered our enable password or the secret password but no luck.

Since it's not asking for a user name we suspect it's asking for the local admin password configured on the switch.

Has anyone run into this issue before?

I have but usually after disconnecting from the network I regain control and I am asked for username/password.

 

ej

Labels:
0 Helpful
4 Replies 4

johnd2310
Level 8
Level 8

‎10-21-2018 08:26 PM

Hi,

What is the aaa configuration of line console 0?

 

Thanks

John

**Please rate posts you find helpful**
0 Helpful

Eric R. Jones
Level 4
Level 4
In response to johnd2310

‎10-22-2018 06:55 PM

the vty lines aren't added but have password configurations.

the console doesn't

 

Line con 0
no access-class (std acl number) in
exec-timeout 9 0
privilege level 0
logging synchronous
login authentication default
!

0 Helpful

johnd2310
Level 8
Level 8
In response to Eric R. Jones

‎10-24-2018 03:52 AM

Hi,

What is the aaa configuration? i.e.

 

aaa authentication login XXX

aaa authentication enable XXX

 

Thanks

John

**Please rate posts you find helpful**
0 Helpful

Eric R. Jones
Level 4
Level 4
In response to johnd2310

‎10-24-2018 03:21 PM

We recently deployed dot1x on all our switches; however, this issue has occurred in the past on random switches.

It has affected 3750X's as well as 3850's.

 

aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authentication dot1x default group <ISE cfg>
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ local if-authenticated
aaa authorization commands 1 default group tacacs+ local if-authenticated
aaa authorization commands 15 default group tacacs+ local if-authenticated
aaa authorization network default group < ISE cfg>
aaa accounting update newinfo periodic <value>
aaa accounting dot1x default start-stop group <ISE cfg>
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents