Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
754
Views
0
Helpful
4
Replies

Best method to do a password recovery on a 2960x stack (can't enable)

spfister336
Level 2
Level 2

‎01-12-2022 01:13 PM

Following an IOS upgrade, one particular stack of 8 2960x switch is having a problem with entering enable mode. When trying, it just says "% Error in authentication". Looking at a saved copy of the config, it looks like it was set to:

 

aaa authentication enable default group tacacs+ enable

and for some reason, the new IOS image doesn't like the tacacs+ config lines, and this stack never got a local enable secret set, so I'm thinking this is the problem.

 

I'm assuming a password recovery procedure is needed.  From what I read, it sounds like I need to shut down all stack members, and do the recovery on the stack master switch, then turn all the member switches back on. It would probably be easier to schedule the downtime if all members didn't need to be shut off. Are there any alternatives to get this stack back to allowing enable mode again?

Labels:
0 Helpful
4 Replies 4

Leo Laohoo
Hall of Fame
Hall of Fame

‎01-12-2022 01:49 PM

@spfister336 wrote:

"% Error in authentication".

I want to see the exact error message. 

If the error message starts with "%ILET-1-DEVICE_AUTHENTICATION_FAIL" then this could, potentially, be CSCur56395.  
There is no way to fix it other than to RMA the infernal switch. 

NOTE:  In my humble opinion, this is a "hardware defect" and should be treated as such (RMA). 

0 Helpful

spfister336
Level 2
Level 2
In response to Leo Laohoo

‎01-12-2022 01:58 PM

That is the entire exact error message

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to spfister336

‎01-12-2022 02:10 PM

@spfister336 wrote:

That is the entire exact error message

Do not waste any more time (troubleshooting).  Contact Cisco TAC and organize for an RMA.  

Look at the Bug ID.  It is >1100 TAC Cases (and growing) attributed to this Bug ID alone. 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎01-12-2022 02:48 PM

what was version before and after upgrade. (this was suggested in most of the release notes) - always should have local account for safe recovery.

 

If the device working as expected and only issue with Login, then take the maintenance window and try password recovery :

 

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-2950-series-switches/12040-pswdrec-2900xl.html

 

still issue, please look at the bug @Leo Laohoo 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents