
Password required, but none set after configuring aaa new-model on a Cisco Catalyst 2960 switch

yeshuawen
Level 1

Hello everybody

I'm currently configuring a Cisco ACS server for an enterprise in order to implement the 802.x authentication on Cisco switchports with AD integrated.

What is done:

* Integration of Active Directory
* Device port filtering
* Certification auth profiles
* Identity store sequences
* Configuring RADIUS protocol
* TACACS for device admin

THIS IS THE CONFIGURATION OF MY SWITCH BEFORE THE PROBLEM:


!
! Last configuration change at 08:08:21 UTC Tue Jan 31 2017 by admin
! NVRAM config last updated at 08:08:21 UTC Tue Jan 31 2017 by admin
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch_3eme_Users
!
boot-start-marker
boot-end-marker
!
!
username admin privilege 15 password 0 2cKjOMv3Hv!
no aaa new-model
switch 1 provision ws-c2960x-48lpd-l
!
!
!
!
crypto pki trustpoint TP-self-signed-2468776448
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2468776448
revocation-check none
rsakeypair TP-self-signed-2468776448
!
!
crypto pki certificate chain TP-self-signed-2468776448
certificate self-signed 01
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig (STP)
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause psecure-violation
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
errdisable recovery interval 180
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface Port-channel6
description Ether Channel vers le coeur
switchport mode trunk
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
switchport access vlan 2
!
interface GigabitEthernet1/0/2
switchport access vlan 2
!
interface GigabitEthernet1/0/3
switchport access vlan 2
!
interface GigabitEthernet1/0/4
switchport access vlan 2
!
interface GigabitEthernet1/0/5
switchport access vlan 2
!
interface GigabitEthernet1/0/6
switchport access vlan 2
!
interface GigabitEthernet1/0/7
switchport access vlan 2
!
interface GigabitEthernet1/0/8
switchport access vlan 2
!
interface GigabitEthernet1/0/9
switchport access vlan 2
!
interface GigabitEthernet1/0/10
switchport access vlan 2
!
interface GigabitEthernet1/0/11
switchport access vlan 2
!
interface GigabitEthernet1/0/12
switchport access vlan 2
!
interface GigabitEthernet1/0/13
switchport access vlan 2
!
interface GigabitEthernet1/0/14
switchport access vlan 2
!
interface GigabitEthernet1/0/15
switchport access vlan 2
!
interface GigabitEthernet1/0/16
switchport access vlan 2
!
interface GigabitEthernet1/0/17
switchport access vlan 2
!
interface GigabitEthernet1/0/18
switchport access vlan 2
!
interface GigabitEthernet1/0/19
switchport access vlan 2
!
interface GigabitEthernet1/0/20
switchport access vlan 2
!
interface GigabitEthernet1/0/21
switchport access vlan 2
!
interface GigabitEthernet1/0/22
switchport access vlan 2
!
interface GigabitEthernet1/0/23
switchport access vlan 2
!
interface GigabitEthernet1/0/24
switchport access vlan 2
!
interface GigabitEthernet1/0/25
switchport access vlan 2
!
interface GigabitEthernet1/0/26
switchport access vlan 2
!
interface GigabitEthernet1/0/27
switchport access vlan 2
!
interface GigabitEthernet1/0/28
switchport access vlan 2
!
interface GigabitEthernet1/0/29
switchport access vlan 2
!
interface GigabitEthernet1/0/30
switchport access vlan 2
!
interface GigabitEthernet1/0/31
switchport access vlan 2
!
interface GigabitEthernet1/0/32
switchport access vlan 2
!
interface GigabitEthernet1/0/33
switchport access vlan 2
!
interface GigabitEthernet1/0/34
switchport access vlan 2
!
interface GigabitEthernet1/0/35
switchport access vlan 2
!
interface GigabitEthernet1/0/36
switchport access vlan 2
!
interface GigabitEthernet1/0/37
switchport access vlan 2
!
interface GigabitEthernet1/0/38
switchport access vlan 2
!
interface GigabitEthernet1/0/39
switchport access vlan 2
!
interface GigabitEthernet1/0/40
switchport access vlan 2
!
interface GigabitEthernet1/0/41
switchport access vlan 2
!
interface GigabitEthernet1/0/42
switchport access vlan 2
!
interface GigabitEthernet1/0/43
switchport access vlan 2
!
interface GigabitEthernet1/0/44
switchport access vlan 2
!
interface GigabitEthernet1/0/45
switchport access vlan 2
!
interface GigabitEthernet1/0/46
switchport access vlan 2
!
interface GigabitEthernet1/0/47
switchport access vlan 2
!
interface GigabitEthernet1/0/48
switchport access vlan 2
!
interface GigabitEthernet1/0/49
shutdown
!
interface GigabitEthernet1/0/50
shutdown
!
interface TenGigabitEthernet1/0/1
description Lien vers Coeur
switchport mode trunk
channel-group 6 mode on
!
interface TenGigabitEthernet1/0/2
description Lien vers Coeur
switchport mode trunk
channel-group 6 mode on
!
interface Vlan1
no ip address
!
interface Vlan2
ip address 172.16.13.249 255.255.255.0
!
ip http server
ip http authentication local
ip http secure-server
!
!
snmp-server community $gabontelecom$ RO
!
!
line con 0
line vty 0 4
login local
line vty 5 15
login
!
end

BUT THE PROBLEM CAME AFTER SETTING THIS CONFIGURATION:

aaa new-model
aaa authentication dot1x default group RADIUS
aaa authorization network default group RADIUS
dot1x system-auth-control
RADIUS-server host 192.168.5.90 auth-port 1812 acct-port 1813 key Libertis123

After this one, I was quickly kicked out of the switch, and since then I can't get in to continue my configuration. This is what appears when I try to get in again:

login as: admin
Using keyboard-interactive authentication.
Password:

Switch_3eme_Users>enable

Password required, but none set
% Error in authentication.

Switch_3eme_Users>

I can't reset my switch because it will disturb people's work, so what can I do to reach the global configuration mode again?

Thank you for helping me.

YESHUAWEN

1 Reply

Eslam Daoud
Level 1

This has nothing to do with your setup. The error below appears because you don't have any enable secret/password configured, despite having already mentioned "login" under the line vtys.

Password required, but none set
% Error in authentication.

In order for the RADIUS setup to work perfectly, you will need to change the "login/login local" to be "login authentication dot1x".

Good Luck !
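A pre-change check for the condition this thread ran into, as an added example that is not part of the original posts: it scans a candidate IOS configuration for the combination seen above (AAA enabled, login landing in user EXEC, and "enable" refused because no enable password exists). The function name, the finding texts and the sample configuration are constructed for illustration, and the check for undefined login lists goes beyond the case in the thread.

```python
import re

# Constructed sample: the AAA-relevant lines of the switch after the change
# described in the thread (the password is replaced by a placeholder).
AFTER_CHANGE = """\
username admin privilege 15 password 0 <placeholder>
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
line con 0
line vty 0 4
line vty 5 15
"""

def aaa_lockout_findings(config):
    """List the reasons a remote admin could lose privileged EXEC access."""
    lines = [line.strip() for line in config.splitlines()]

    def has(pattern):
        return any(re.match(pattern, line) for line in lines)

    if not has(r"aaa new-model$"):      # "no aaa new-model" does not match
        return []
    findings = []
    # Without an enable secret, "enable" from a vty session is refused.
    if not has(r"enable (secret|password)\b"):
        findings.append("no enable secret or password is set")
    # Without exec authorization, the local privilege level is not applied.
    if has(r"username \S+ privilege 15\b") and not has(r"aaa authorization exec\b"):
        findings.append("privilege 15 users have no 'aaa authorization exec' list")
    # Login method lists that are defined, versus those the lines refer to.
    defined = {m.group(1) for line in lines
               if (m := re.match(r"aaa authentication login (\S+)", line))}
    for line in lines:
        m = re.match(r"login authentication (\S+)", line)
        if m and m.group(1) not in defined:
            findings.append(f"login list '{m.group(1)}' is referenced but not defined")
    return findings

if __name__ == "__main__":
    for finding in aaa_lockout_findings(AFTER_CHANGE):
        print("LOCKOUT RISK:", finding)
```

Run it against the merged running configuration plus the planned commands before applying them, and keep a console session open while the change goes in.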
