Authentication problem with LAN switch

jrgarrigues
Level 1

Experienced a power loss while remotely uploading a new configuration to a WS-C2924-XL (running IOS 12.0(5)WC8). I am unable to authenticate since the device reloaded.

I know that part of the config was successfully uploaded because I am being prompted for the aaa authentication username/password (no username/password was applied before I attempted the upload). WAN connectivity (to the tacacs+ server) is available, so I don't believe that part of the config made it to the switch. Relevant config is shown below:

aaa new-model
aaa authentication password-prompt Backup_Authentication_Password:
aaa authentication username-prompt Backup_Authentication_Username:
aaa authentication login default group tacacs+ local
aaa authorization exec default local group tacacs+
aaa authorization commands 0 default local group tacacs+
aaa authorization commands 1 default local group tacacs+
aaa authorization commands 15 default local group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
enable secret xxx
!
username xxx password xxx
=======================================

I do not have anybody on-site and the only connection available to me is via fa0/1 through the router. Trying to figure out how to gain access to the device in order to complete the config.

Any suggestions will be greatly appreciated.

John

3 Replies

milan.kulik
Level 10

Hi,

do I understand correctly that you were uploading a new startup-config file to the switch and the switch reloaded during the upload process due to power-failure?

It means there might be only a part of the new config running in the switch memory, with the vty commands missing, for example.

In this case, I'm afraid the only solution is password recovery on the site.

Isn't there a chance the config is complete and there is a mistake in the TACACS+ configuration? Do you see anything in the TACACS+ server log?

According to

aaa authentication login default group tacacs+ local

if you disable communication between your switch and the TACACS+ server (an ACL on the router, for example), it should be possible to log in using the local username and password ...

Regards,

Milan
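Milan's suggestion written out as an added example (not from the original thread): an extended ACL on the router that drops the switch's TACACS+ session so the `group tacacs+` method errors out and IOS falls through to `local`. The addresses, ACL name and interface below are assumptions; the method list is the one from the original post.

```ios
! Added example, not part of the original post. Assumed addressing:
!   switch management address  10.1.1.2   (reached via the router's Fa0/1)
!   TACACS+ server             192.0.2.10 (TCP port 49, keyword "tacacs")
! Applied on the ROUTER, which is still reachable; the switch is locked out.
!
! Drop only the switch-to-TACACS+ session; everything else still flows.
ip access-list extended BLOCK-SWITCH-TACACS
 deny   tcp host 10.1.1.2 host 192.0.2.10 eq tacacs
 permit ip any any
!
interface FastEthernet0/1
 ip access-group BLOCK-SWITCH-TACACS in
!
! On the switch, the login method list from the original post
!   aaa authentication login default group tacacs+ local
! is tried left to right. IOS moves to the next method only when the
! current one returns ERROR (no tacacs-server host configured, or no reply
! before the tacacs-server timeout, 5 seconds per server by default).
! A FAIL from a reachable server that rejects the credentials ends the
! attempt and does NOT fall through to local. With the ACL in place each
! login waits out the timeout, then prompts against the local username.
!
! Remove the ACL once the switch configuration is complete and saved:
interface FastEthernet0/1
 no ip access-group BLOCK-SWITCH-TACACS in
no ip access-list extended BLOCK-SWITCH-TACACS
```

Two things to check before relying on this: the local `username` line has to be present in the running config (the original post's "Backup" prompt suggests it is), and the authorization lists start with `local`, so exec and command authorization still succeed while TACACS+ is blocked. Expect each login to pause for the TACACS+ timeout before the local password is accepted; that delay is the sign the fallback is working rather than the server answering.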

Thanks for the reply, Milan.

I agree with you that only part of the config made it to the switch. Part that didn't make it included the ip address for the tacacs+ server so the switch cannot authenticate with anybody other than the backup username/password. Unfortunately I don't believe that part made it either as it will not allow me to login at all.

On-site personnel rebooted the switch today and I completed the config. I never had a chance to write memory, so a simple reboot solved the problem (sounds like a Windows fix). I was trying to find a way into the box over the weekend so as not to interrupt production when everybody came back to the office today.

Thanks again,

John

PS If I would have scheduled a reload before doing the config I never would have had this problem. It's always easy to cancel a reload once the maintenance is complete...

John
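The safety net John describes in his PS, shown as an added example (not from the original thread): schedule a reload before starting a remote change, so a change that locks you out is undone automatically, and cancel it only after the new configuration has been verified. The hostname, timer value and server address are assumptions; `xxx` is a placeholder key as in the original post.

```ios
! Added example, not part of the original thread. Typed on the switch from
! the remote session BEFORE any change is made. Output is omitted.
!
! Arm the safety net: reload the box in 20 minutes. If IOS asks whether to
! save the modified configuration when scheduling, answer no; the point is
! that the reload returns the switch to the last SAVED config.
Switch# reload in 20
!
! Make the change. Nothing is written to startup-config yet.
Switch# configure terminal
Switch(config)# tacacs-server host 192.0.2.10
Switch(config)# tacacs-server key xxx
Switch(config)# end
!
! Verify from a SECOND session without closing the first one: open a new
! login, confirm the TACACS+ (or local fallback) credentials are accepted
! and that enable still works. If it fails, do nothing and let the timer
! reload the switch.
Switch# show reload
!
! Only after the new login succeeds: disarm the timer, then save.
Switch# reload cancel
Switch# write memory
```

The order matters: `write memory` before `reload cancel` would make the scheduled reload boot into the new, possibly broken, configuration and defeat the purpose. The same pattern would have covered the power loss in the original post, since the interrupted upload was never saved and the reload that on-site staff performed is exactly what the timer would have done unattended.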
