Solved: Re: Unable to get console access on switch 3850 - Blank terminal

mrjelly · ‎04-15-2024

Hello,

I have a switch I am unable get a prompt on the console port.

I can SSH to it, and have confirmed that the baud rate and stop bits are correct from the console switch.

There are two other switches that I can console to.

The differences are that the switch I cannot console does not have 'aaa authentication login default local'

(there is no external authentication set, tacacs etc)

There is 'stopbits 1' set on the Line con 0 (this matches the settings the console switch stopbits for that line)

Any help with this please?

mrjelly · ‎05-10-2024

Solution to this was... the cable was unplugged from the console switch to the primary switch.

All other switches in the stack were plugged in.

It's ridiculous I know but the error message was not help either, why an unplugged switch was displaying the error 'authorization failure' and not just a blank screen or some disconnect I don't know.

Not sure if this is an Opengear issue though as the cable wasn't even plugged into the switch so the Cisco switch could not have been providing the error.

View solution in original post

mrjelly · ‎04-15-2024

On the switch logs it shows the log in attempt is from '192.168.1.5 on local port 23'

%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: ] [Source: 192.168.1.5] [localport: 23]

mrjelly · ‎04-15-2024

Additionally this is a switch stack, on the other console ports I am getting '% Authorization Failure'

RAdamWilliams · ‎04-16-2024

What does "show run | s line" return?

Also are you sure you're using the console port of the active switch in the stack?

mrjelly · ‎04-16-2024

Hello

show run | s line -

line con 0
stopbits 1
line aux 0
stopbits 1

( I left out vty)

line aux 0 is not configured on the other switches interestingly

Yes I have checked the switch stack and this is the primary. I have also tried all four console ports and get the above when I try the other three ports:

(I'll also paste the error here) - % Authorization Failure

RAdamWilliams · ‎04-16-2024

I often try adding login local to my lines when they don't work. Also mine default to having an exec-timeout but I don't know if that missing signifies anything. If login local doesn't work see if "aaa new-model" is enabled. I don't have the exact verbiage for setting that up memorized but that will point you in the right direction.

mrjelly · ‎04-16-2024

Thank you, yes apologies if I did not mention, aaa new-model is enabled, as such I can't set login local.

That is why I'm wondering (after seeing Authorization Failure) that the missing config is aaa authentication default local.
However there is no aaa config on the console line (or any line)

RAdamWilliams · ‎04-16-2024

If you're using a local login then adding that line to the global configuration shouldn't hurt anything. But if you're not getting anything over the regular console port I'm wondering if we should take a step back and actually look at your PuTTy settings. I've seen devices that have required me to change the flow control settings to get stuff to print on the console.

mrjelly · ‎04-17-2024

Hello, thanks for the reply.
I did consider this too. The Baud rate, stopbits and parity bits are matching on the switch console line and the console switch (this is an Opengear console switch.

Additionally I assumed (perhaps wrongly) that if 3/4 of the console ports are displaying 'Authorization Failure' then it is displaying correctly.

The other console port is just blank.

On the Opengear I have cleared the sessions and tried again.

mrjelly · ‎05-10-2024

Solution to this was... the cable was unplugged from the console switch to the primary switch.

All other switches in the stack were plugged in.

It's ridiculous I know but the error message was not help either, why an unplugged switch was displaying the error 'authorization failure' and not just a blank screen or some disconnect I don't know.

Not sure if this is an Opengear issue though as the cable wasn't even plugged into the switch so the Cisco switch could not have been providing the error.