Cannot get into enable mode???

GREGORY JACKSON · ‎01-25-2006

I cannot get into enable mode I get the following error message

% Error in authentication.

Georg Pauwen · ‎01-25-2006

Hello,

which device do you have (e.g. Cisco 2811 router) ?

Have you been able to get into enable mode before ?

You might want to try a password recovery, check this link:

Password Recovery Procedures

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00801746e6.shtml

HTH,

GP

Itsmanthony · ‎08-31-2018

Sorry guys! I know this is an old post but I recently had this problem on two different devices at different times. I upgraded IOS for C2960 stack and later in the week 3560E. After the upgrade and subsequent reload we had no access to enable mode. The switches responded back with "error in authentication". We had to locate a local admin who put privilege level 15 on vty 0 4. We previously had access to global config mode (w/o a secret password). Does anyone know why this happened? Thanks!

Dennis Mink · ‎09-03-2018

that to me sounds like the local username(s) did not have a priviliege level.

can you add the relevant config and point out what was changed?

cheers

Please remember to rate useful posts, by clicking on the stars below.

Itsmanthony · ‎09-04-2018

Hi Dennis....

Thanks for looking into this for us. Please note that we had privilege level 15 on vtys 0 4 and was able to access enable mode prior to the IOS upgrades. We were stuck in user mode thereafter.

The previous IOS for C2960 was c2960s-universalk9-mz.122-55.SE3.bin

We upgraded to c2960s-universalk9-tar.150-2.SE11.tar

VTY 0 4 priv 15 had to be manually added via console for us to be able to access enable mode.

Thanks again...

Thanks Dennis!!!

Dennis Mink · ‎09-04-2018

in your current config, trhe vty does not have a priviliege level but the user ID does, so all good.

BTW. if I was you i would remove the config from this post or at least remove the passwords in it, because some use very weak encryption. Just a though

Please remember to rate useful posts, by clicking on the stars below.

gavien · ‎07-11-2023

I have a c3850 that i have been having some trouble with. I am not able to access the switch via console or ssh. When in console mode i can only login to user mode with local credentials when its not able to communicate with my tacacs server. But i am still not able to get into privileged mode . I am receiving the error "Switch>en % Error in authentication." here is my aaa config

aaa group server tacacs+ clearpass
server name ~~~~
!
aaa authentication login default group clearpass local
aaa authentication enable default group clearpass enable
aaa authorization config-commands
aaa authorization exec default group clearpass local if-authenticated
aaa authorization commands 0 default group clearpass local if-authenticated
aaa authorization commands 1 default group clearpass local if-authenticated
aaa authorization commands 15 default group clearpass local if-authenticated
aaa accounting exec default start-stop group clearpass
aaa accounting commands 0 default start-stop group clearpass
aaa accounting commands 1 default start-stop group clearpass
aaa accounting commands 15 default start-stop group clearpass
!
!

!
line con 0
password cisco
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
privilege level 15
transport input ssh
line vty 5 15
privilege level 15
transport input ssh

You dont need to add the command priviledge level 15 t