ā03-03-2023 07:39 AM
Hi all,
We have a stack of 3 switches. console access to the master switch works fine using Local authentication, however when I try to console into the standby switch (2) or the other member switches (3) I am met with the prompt but when trying to login with the same local username/password combination I am met with an "authorization failed" message.
The AAA and line configuration is below:
aaa authentication login default group tacacs+ local
aaa authentication login console local
aaa authorization exec default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
username x privilege 15 secret 5 x
!
aaa new-model
aaa session-id common
line con 0
login authentication console
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 5 0
transport input ssh
transport output ssh
line vty 5 15
!
The switch uses ISE/TACACS for login via SSH
Any help would be appreciated
Thanks
ā03-03-2023 08:03 AM
Hello,
If I remember correctly when a switch becomes part of a stack then the master is like consoling into all of them. They work as one unit so I don't thing consoling into them individually would work. You should be able to configure anything you need to from the master in the stack. Is there a specific thing you're trying to accomplish?
-David
ā03-09-2023 12:09 AM
Hi David,
We were asked to collect information from all members of the stack via console by Cisco themselves which is why we have even run across this problem in the first place
Johnny
ā03-09-2023 11:50 AM
We were asked to collect information from all members of the stack via console by Cisco themselves which is why we have even run across this problem in the first place
show version show all the members
ā03-03-2023 11:40 AM
I do not think that works, what is the reason of connecting other members of switches in the stack, (you can not do anything on those switches)
all the control stuff to be done on master switches only.
if the active member fails ....next master will have console access. (same case with MGMT port) - only 1 MGMT will be active.
ā03-03-2023 04:17 PM
What firmware is the stack running on?
ā03-09-2023 12:11 AM
Firmware version is -
Everest 16.06.06
ā03-09-2023 02:42 PM
@Johnny94 wrote:
We were asked to collect information from all members of the stack via console by Cisco themselves
I think someone has misunderstood the instruction(s) from Cisco.
All switch members in a stack works as a single logical unit.
What command(s) did Cisco ask for?
ā03-10-2023 12:36 AM
Cisco actually initially came in to collect information from each individual switch within a stack
Some of the commands were show ver, show env all.. things like that
I agree that all that information should be found from the master switch and the output is the same but they wanted to go on each one, that is when we found our issue
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide