Re: Enable password not working through local logging

jyotiraj_Majumdar · ‎05-06-2010

Hi,

Here is problem with switch 6509, I am able to get logging through the ACS password. But when ACS is not in network i am able to get logging through local user name / password.

getting enable mode, when type the enable password switch is not taking and i am not able to get access.

Wt RO.......

spremkumar · ‎05-06-2010

Hi

Can you post the config related to AAA ?

regs

jyotiraj_Majumdar · ‎05-06-2010

Hi,

Find the att. file for AAA.

spremkumar · ‎05-06-2010

hi

Do remove this file and attach the config file. check before attaching here.

regds

Ganesh Hariharan · ‎05-06-2010

Re: Enable password not working through local logging

Hi,

Find the att. file for AAA.

Attachments:

New Text Document.txt.zip (3.7 K)

It is not having the configuration of AAA,any how check out the below link for configuring the aaa on switches/routers

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080093c81.shtml

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

jyotiraj_Majumdar · ‎05-06-2010

Hi All,

Sorry i attached wrong file.

Ple find the att. AAA config file.

Ganesh Hariharan · ‎05-06-2010

Hi All,
Sorry i attached wrong file.
Ple find the att. AAA config file.

    
        
        Attachments:
        AAA.txt.zip (318 bytes)

What is the error message are you getting in ACS under failed attempts logs when you try to login in to switch.

Ganesh.H

jyotiraj_Majumdar · ‎05-06-2010

Hi,

No not any error

Just not taking enable password. when i try 3 -4 times it will come out.

Regard..

Jyoti

Ganesh Hariharan · ‎05-06-2010

Hi,

No not any error

Just not taking enable password. when i try 3 -4 times it will come out.

Regard..

Jyoti

Jyoti,

Are you sure you are not getting any failed attempt message in ACS when ever you are going into enable password ,do one thing in ACS you have option under user setting --tacas+enable password --select here as Use CiscoSecure PAP password.

Hope to help !!

Ganesh.H

jyotiraj_Majumdar · ‎05-06-2010

Hi Ganesh,

I am trying the local user name and password when acs is down.

Help...

Regards.

Ganesh Hariharan · ‎05-06-2010

Hi,

No not any error

Just not taking enable password. when i try 3 -4 times it will come out.

Regard..

Jyoti

Hi Joyti,

Is local username database is created when your are trying and also can you post your config.

Just go thourgh this link also when acs goes down local database comes in picture

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080093c81.shtml#cfg_auth

Hope to Help !!

Ganesh.H

spremkumar · ‎05-06-2010

hi

try this and revert.

no aaa authorization config-commands

no aaa authorization exec default group tacacs+ if-authenticated

no aaa accounting suppress null-username

no aaa accounting exec default start-stop group tacacs+

aaa authorization console

aaa authorization configuration default group tacacs+

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting commands 5 default start-stop group tacacs+

regds