04-05-2017 07:29 PM - edited 03-08-2019 10:05 AM
Strange issue here. I have 2 x 3650 switches both running Version 3.76. Web interface shows fine, but cannot log into switch #1.
I've had no issues accessing the panels via web on both switches, saved my passwords locally in Roboform too. Suddenly, my login is not working for switch #1, but works fine on switch #2. I'm baffled.
How do I correct this?
I checked the user/pw in show run
enable secret 5 ********
enable password ********
10-16-2017 12:09 PM
Old topic but having a hard time again, please assist. Thank you.
10-16-2017 01:14 PM
Hello,
are you using http or https for web GUI access ?
Try and zeroize the crypto key and then regenerate it:
crypto key zeroize rsa
crypto key generate rsa
10-16-2017 12:27 PM
10-17-2017 08:17 AM
At this point I'm simply trying to reset / change the enable password. It worked on switch #2, but primary switch #1 is not working for whatever reason, despite showing the change in show run output.
I ran:
conf t enable password <my pw> end wr
Same thing worked on second switch, but not primary. Odd. Primary shows this in show run:
enable secret 5 $1$Df4Gxxxxxxxxx enable password TLNs@xxxxxxxxx
10-17-2017 08:29 AM
Further tracing, odd issues:
So this is what it says on switch #1
Cisco3650>en Password: Password: Password: % Bad secrets
It says the same thing on switch #2 only when attempting to log in via VPN (IP is already whitelisted) but works fine directly to switch #2. Makes no sense. Using same new password.
10-17-2017 08:43 AM
Hello,
with both enable secret and enable password set, it will use the enable secret first. Is that what you are using at the prompt ?
10-17-2017 08:45 AM
10-17-2017 08:55 AM
Hello,
to avoid confusion, here s an example:
If you have the enable secret set globally:
enable secret 5 $1$/GLc$TBZdaH5BrhQZ1KmJuVt.K.
set up the local account like this:
username admin privilege 15 password 7 03295A0C074E76196C590A
and NOT like this:
username admin privilege 15 secret 5 $1$6ABu$IgTj1t6RS0oQXsRh0FuhD1
10-17-2017 09:01 AM
Thanks, but doesn't seem to be working for me.
Cisco3650(config)#username myusername privilege 15 password TLNxxxxxxxxxxx ERROR: Can not have both a user password and a user secret. Please choose one or the other.
I don't use "admin" as username to clarify.
10-17-2017 09:06 AM
Delete the user secret first...
Can you post the full config of your switch ?
10-17-2017 09:11 AM
How do I delete the user secret? Sorry never done that before. What's the command?
Not comfortable posting entire config but here's the necessary portion I would deem sufficient:
Cisco3650#show run Building configuration... Current configuration : 26079 bytes ! ! Last configuration change at 11:24:26 EST Tue Oct 17 2017 by myusername ! version 16.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec service compress-config no service password-recovery no platform punt-keepalive disable-kernel-core ! hostname Cisco3650 ! ! vrf definition Mgmt-vrf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! enable secret 5 $1$Df4Gxxxxxxxxxxx enable password TLNsxxxxxxxxxxx ! no aaa new-model clock timezone EST -5 0 facility-alarm critical exceed-action shutdown switch 1 provision ws-c3650-24ts ! ! ! ! ip routing ! ! ! ip name-server xxxxxxxxxxx.62 xxxxxxxxxxx.61 ip domain name companydomamain.com ! ! ! ! ! ! ! ! vtp mode transparent ! ! crypto pki trustpoint HTTPS_SS_CERT_KEYPAIR enrollment selfsigned serial-number revocation-check none rsakeypair HTTPS_SS_CERT_KEYPAIR
10-17-2017 09:58 AM
Hello,
delete both enable secret and enable password as below:
3650#conf t
3650(config)#no enable secret
3650(config)#no enable password
Then set a username and password...
10-17-2017 10:03 AM
This is strange, still not working.
Cisco3650#conf t Enter configuration commands, one per line. End with CNTL/Z. Cisco3650(config)#no enable secret Cisco3650(config)#no enable password Cisco3650(config)#username myusername privilege 15 password TLNsxxxxxxxxxxxx ERROR: Can not have both a user password and a user secret. Please choose one or the other. Cisco3650(config)#end Cisco3650#wr Building configuration... Compressed configuration from 24257 bytes to 8769 bytes[OK] Cisco3650#conf t Enter configuration commands, one per line. End with CNTL/Z. Cisco3650(config)#username myusername privilege 15 password TLNsxxxxxxxxxxxx ERROR: Can not have both a user password and a user secret. Please choose one or the other.
10-17-2017 10:24 AM
Odd indeed...
Can you reload the switch ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide