Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3130
Views
5
Helpful
4
Replies

Cisco Catalyst 6807-XL Switch console login

Go to solution
eng.rwaidat
Level 1
Level 1

‎06-24-2019 01:06 AM

could you help me please why i cant access my cisco catalyst 6807-XL SW by console after i added tacacs+ configuration , when tried to connectstill   by console i get the below error :

 

Jun 22 10:52:30.665: SW2: AAA/BIND(0000007F): Bind i/f 

Jun 22 10:52:30.665: SW2: AAA/AUTHEN/LOGIN (0000007F): Pick method list 'default'

Jun 22 10:52:32.665: SW2: AAA/AUTHEN/LOGIN (0000007F): Pick method list 'default'

 

now i can not access it by any way , i tried to turned off the tacacs server but it still asked me for username and password , i tried the local username and PW which i am sure that true but not accessible and give me the same above in red logs ....

 

this is the configuration which i added befor i lost the connection to the SW : 

 

enable secret 5 $1$0i76$fChwt2U0cOHjsLLx2m0PB.
!
username admin privilege 15 secret 5 $1$IWfN$9I3w1hU087Xyjnjkh1c6I.

 

aaa new-model


aaa group server tacacs+ ACS-TACACS
server 10.1.65.13
server 10.1.65.14


aaa authentication login MGMT group tacacs+ local
aaa authentication enable default enable
aaa authorization config-commands
aaa authorization exec default group ACS-TACACS local if-authenticated
aaa authorization commands 15 default group ACS-TACACS local none
aaa accounting exec default start-stop group ACS-TACACS
aaa accounting commands 15 default start-stop group ACS-TACACS


aaa session-id common

 

 

line vty 0 4
session-timeout 120
access-class VTY-Zain in
exec-timeout 120 0
login authentication MGMT
length 0
transport input ssh
line vty 5 15
access-class VTY-Zain in
login authentication MGMT
transport input ssh

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎06-24-2019 07:20 AM

Flip this: aaa authentication login MGMT group tacacs+ local
To this: aaa authentication login MGMT group ACS-TACACS local
Setup a separate AAA line for console access just as a fail safe:
aaa authentication login console local
I assume you left out some tacacs+ commands you have entered like the shared-secret etc. Good luck.

View solution in original post

4 Replies 4

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎06-24-2019 07:20 AM

Flip this: aaa authentication login MGMT group tacacs+ local
To this: aaa authentication login MGMT group ACS-TACACS local
Setup a separate AAA line for console access just as a fail safe:
aaa authentication login console local
I assume you left out some tacacs+ commands you have entered like the shared-secret etc. Good luck.

Go to solution
eng.rwaidat
Level 1
Level 1
In response to Mike.Cifelli

‎06-24-2019 08:59 AM

Thanks for you effort but i cant access it now by console nor by tacacs
0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to eng.rwaidat

‎06-24-2019 12:57 PM - edited ‎06-24-2019 12:58 PM

Are you able to login from SSH ?

 

2 Options, try to disable in ACS this node see if you can access.

if not if you have not saved the config, reload the device to get back to normal.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
eng.rwaidat
Level 1
Level 1
In response to balaji.bandi

‎06-24-2019 07:58 PM

I cant access it from ssh and i already saved the config
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents