Solved: Re: SSH Access Denied

bdeandrade · ‎10-13-2017

Hi,

I have a problem when I want to access to my 2960x by SSH.

In fact, when I use the "Admin" account, I don't have problem to access.

But I want to use another accout (mle), I have an access denied. I don't understand why because I created the account like "Admin" account.

Here the config:

!
! Last configuration change at 12:37:36 EDT Thu Oct 12 2017 by admin
! NVRAM config last updated at 11:01:43 EDT Thu Oct 12 2017 by admin
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
!
hostname CISCO_US_0
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$/GLc$TBZdaH5BrhQZ1KmJuVt.K.
!
username admin privilege 15 password 7 03295A0C074E76196C590A
username mle privilege 15 secret 5 $1$6ABu$IgTj1t6RS0oQXsRh0FuhD1
no aaa new-model
clock timezone EDT -5 0
clock summer-time EDT recurring
switch 1 provision ws-c2960x-48ts-l
ip routing
no ip cef optimize neighbor resolution
!
!
ip domain-name toto.com
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-3516061440
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3516061440
 revocation-check none
 rsakeypair TP-self-signed-3516061440
!
!
crypto pki certificate chain TP-self-signed-3516061440
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 33353136 30363134 3430301E 170D3137 31303039 31343332 
  34365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 35313630 
  36313434 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100AFBA 88EA560C 44843227 B9DA682A 38FCB859 6C59AB3F 28FE427D 491451B3 
  611E7620 96DBD575 052142D6 1E5705D8 D57703C2 0EA82D6D 61E32E3A B60C4227 
  1258631F 2EF525FE 996DFD59 1DE70647 EBDACB30 4BE6C3A4 1348EE79 FB3C06AA 
  263F965E 8429811B 0FA182C3 02639DB0 730BBC0C D5F5AB9A AB688EDC BEEB5EF6 
  BF390203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 
  551D2304 18301680 146B9814 DB65AE56 1068F90F 50ABA525 F719A763 98301D06 
  03551D0E 04160414 6B9814DB 65AE5610 68F90F50 ABA525F7 19A76398 300D0609 
  2A864886 F70D0101 05050003 8181003E 585E29D5 681F4862 98D14FA9 8C3CC443 
  10636233 5C3E4DF5 5AB536FE 0ACEBE4F 2450C1B8 98DFB4F7 2AA3EE3C 7AAD3DFE 
  C26682B3 72306D01 2773D37C 3B99A04A 253CA3E9 1195455F 0AA1F6B0 61571E21 
  63E49541 C7F95404 019034EF 2EB61C22 CCC90F15 5FCB3FCD 06AE9FEF 51EB5DAD 
  4CE35FBF 7C904A53 7A950344 A2C6E1
  	quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
! 
!
!
!
!
!
!
!
!
interface FastEthernet0
 no ip address
 no ip route-cache
 shutdown
!
interface GigabitEthernet1/0/1
 description CHECKPOINT
 switchport mode access
!
interface GigabitEthernet1/0/2
 description NETGEAR
 switchport mode trunk
!
interface GigabitEthernet1/0/3
 description USFILE
 switchport mode access
!
interface GigabitEthernet1/0/4
 description WDUS
 switchport mode access
!
interface GigabitEthernet1/0/5
 description *SERVER*
 switchport mode access
!
interface GigabitEthernet1/0/6
 description *SERVER*
 switchport mode access
!
interface GigabitEthernet1/0/7
 description *SERVER*
 switchport mode access
!
interface GigabitEthernet1/0/8
 description *SERVER*
 switchport mode access
!
interface GigabitEthernet1/0/9
 description *SERVER*
 switchport mode access
!
interface GigabitEthernet1/0/10
 description *SERVER*
 switchport mode access
!
interface GigabitEthernet1/0/11
 description *SERVER*
 switchport mode access
!
interface GigabitEthernet1/0/12
 description *SERVER*
 switchport mode access
!
interface GigabitEthernet1/0/13
 description *SERVER*
 switchport mode access
!
interface GigabitEthernet1/0/14
 description *SERVER*
 switchport mode access
!
interface GigabitEthernet1/0/15
 description *SERVER*
 switchport mode access
!
interface GigabitEthernet1/0/16
 description *SERVER*
 switchport mode access
!
interface GigabitEthernet1/0/17
 description *SERVER*
 switchport mode access
!
interface GigabitEthernet1/0/18
 description *SERVER*
 switchport mode access
!
interface GigabitEthernet1/0/19
 description *SERVER*
 switchport mode access
!
interface GigabitEthernet1/0/20
 description *SERVER*
 switchport mode access
!
interface GigabitEthernet1/0/21
 description *SERVER*
 switchport mode access
!
interface GigabitEthernet1/0/22
 description *SERVER*
 switchport mode access
!
interface GigabitEthernet1/0/23
 description *SERVER*
 switchport mode access
!
interface GigabitEthernet1/0/24
 description *SERVER*
 switchport mode access
!
interface GigabitEthernet1/0/25
 description *MCS:PLN*
 switchport access vlan 83
 switchport mode access
 switchport port-security mac-address 2816.ad57.a567
 switchport port-security
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/26
 description *MCS*
 switchport access vlan 83
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/27
 description *MCS*
 switchport access vlan 83
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/28
 description *MCS*
 switchport access vlan 83
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/29
 description *MCS*
 switchport access vlan 83
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/30
 description *MCS*
 switchport access vlan 83
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/31
 description *USERS*
 switchport access vlan 81
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/32
 description *USERS*
 switchport access vlan 81
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/33
 description *USERS*
 switchport access vlan 81
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/34
 description *USERS*
 switchport access vlan 81
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/35
 description *USERS*
 switchport access vlan 81
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/36
 description *USERS*
 switchport access vlan 81
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/37
 description *USERS*
 switchport access vlan 81
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/38
 description *USERS*
 switchport access vlan 81
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/39
 description *USERS*
 switchport access vlan 81
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/40
 description *USERS*
 switchport access vlan 81
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/41
 description *USERS*
 switchport access vlan 81
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/42
 description *USERS*
 switchport access vlan 81
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/43
 description *USERS*
 switchport access vlan 81
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/44
 description *USERS*
 switchport access vlan 81
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/45
 description *USERS*
 switchport access vlan 81
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/46
 description *USERS*
 switchport access vlan 81
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/47
 description *USERS*
 switchport access vlan 81
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/48
 description *USERS*
 switchport access vlan 81
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/0/49
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface Vlan1
 ip address 192.168.8.254 255.255.255.0
!
interface Vlan81
 description Users_USA_LAN
 ip address 192.168.81.254 255.255.255.0
 ip access-group ACL_VLAN81 in
 ip helper-address 192.168.8.8
!
interface Vlan83
 description Users_MCS_USA
 ip address 192.168.83.14 255.255.255.240
 ip access-group ACL_VLAN83 in
 ip helper-address 192.168.8.8
!
ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.8.1
ip ssh time-out 60
ip ssh logging events
ip ssh version 2
!
ip access-list extended ACL_VLAN81
 deny   ip 192.168.81.0 0.0.0.255 192.168.83.0 0.0.0.15
 permit ip any any
ip access-list extended ACL_VLAN83
 deny   ip 192.168.83.0 0.0.0.15 192.168.81.0 0.0.0.255
 permit ip any any
logging facility syslog
logging host 172.16.1.175
!
!
!
line con 0
 logging synchronous
 login local
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
!
ntp server 192.168.8.8 prefer
end

Thanks for your help.

Meheretab Mengistu · ‎10-16-2017

config t
no username mle
username mle privilege 15 password 0 CLEAR-TEXT_PASSWORD
!
Where CLEAR-TEXT_PASSWORD == your password

HTH,
Meheretab

View solution in original post

Mark Malone · ‎10-13-2017

But I want to use another accout (mle), I have an access denied. I don't understand why because I created the account like "Admin" account.

Its not exactly the same
Is it taking the global secret password, if you look at the config the admin acc is setup using password then global secret you have also applied a secret , try set your mls acc with password and use the global secret that's already in place

bdeandrade · ‎10-16-2017

Hi,

Ok thanks for the answer.

But how I can add an account with a different password.

Thanks.

Meheretab Mengistu · ‎10-16-2017

config t
no username mle
username mle privilege 15 password 0 CLEAR-TEXT_PASSWORD
!
Where CLEAR-TEXT_PASSWORD == your password

HTH,
Meheretab

Georg Pauwen · ‎10-16-2017

Hello,

I think what Mark is referring to is to set up your accounts like this:

username admin privilege 15 password 7 03295A0C074E76196C590A
username mls privilege 15 password 7 03295A0C074E76196C590A

Mark Malone · ‎10-17-2017

Hi

Yes exactly as George has posted , let us know if it works

bdeandrade · ‎10-17-2017

Thanks for your solution

It's working now.

gmcclintock · ‎11-21-2018

I just wanted to thank you guys for posting and solving this problem, because I was having the same issue with a C2621 and I came across this thread and it was the solution for my problem as well.....thank you.

I love this cisco community you guys are awesome.