Pasu
New Member
Posts:
23
Joined:
Sun Apr 28, 2013 11:39 pm

Cant move to enable mode of cisco switch.

Mon May 13, 2013 12:57 am

Hello everyone!
I don't know what mistake I have made, but now I cannot move to enable mode of my Cisco switch.
It says error in authentication. I am trying to log in through the console.
Please help me... I am using a Cisco Catalyst 2960 switch.
"Lay a firm Foundation with the bricks that others throw at you" ~David Brinkley

cadetalain
Member
Posts:
159
Joined:
Tue Oct 11, 2011 2:05 pm
Certs:
CCNP-CCNA Security-CCNA Voice-CCNA

Re: Cant move to enable mode of cisco switch.

Mon May 13, 2013 1:45 am


Pasu
New Member
Posts:
23
Joined:
Sun Apr 28, 2013 11:39 pm

Re: Cant move to enable mode of cisco switch.

Mon May 13, 2013 2:00 am

Thank you but isn't there any other solution?
And may I know what is the reason behind the authentication error?
I don't have any idea...
"Lay a firm Foundation with the bricks that others throw at you" ~David Brinkley

Pasu
New Member
Posts:
23
Joined:
Sun Apr 28, 2013 11:39 pm

Re: Cant move to enable mode of cisco switch.

Mon May 13, 2013 4:41 am

Hi everyone!
I did password recovery and now I can move to enable mode but I didn't understand what was the problem.
Can anyone help me to understand it please...
Here is my configuration...
Code:
Pasang#sh run
Building configuration...

Current configuration : 4090 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Pasang
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$rTHA$j3jEe7RqSQlaZhK4ZRxhZ1
!
username test password 7 111D1C1603
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
!
!
!
aaa session-id common
clock timezone BST 6
switch 1 provision ws-c2960s-48fps-l
!
!
no ip domain-lookup
ip domain-name tashicell.com
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
ip ssh version 1
!
!
interface FastEthernet0
 no ip address
!
interface GigabitEthernet1/0/1
 description connection to Pasang's PC
 switchport access vlan 10
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
 description connection to ISP department
 switchport access vlan 20
!
interface GigabitEthernet1/0/14
 description connection to ISP department
 switchport access vlan 20
!
interface GigabitEthernet1/0/15
 description connection to ISP department
 switchport access vlan 20
!
interface GigabitEthernet1/0/16
 description connection to ISP department
 switchport access vlan 20
!
interface GigabitEthernet1/0/17
 description connection to ISP department
 switchport access vlan 20
!
interface GigabitEthernet1/0/18
 description connection to ISP department
 switchport access vlan 20
!
interface GigabitEthernet1/0/19
 description connection to ISP department
 switchport access vlan 20
!
interface GigabitEthernet1/0/20
 description connection to ISP department
 switchport access vlan 20
!
interface GigabitEthernet1/0/21
 description connection to ISP department
 switchport access vlan 20
!
interface GigabitEthernet1/0/22
 description connection to ISP department
 switchport access vlan 20
!
interface GigabitEthernet1/0/23
 description connection to ISP department
 switchport access vlan 20
!
interface GigabitEthernet1/0/24
 description connection to ISP department
 switchport access vlan 20
!
interface GigabitEthernet1/0/25
 description connection to ISP department
 switchport access vlan 20
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet1/0/29
!
interface GigabitEthernet1/0/30
!
interface GigabitEthernet1/0/31
!
interface GigabitEthernet1/0/32
!
interface GigabitEthernet1/0/33
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
!
interface GigabitEthernet1/0/36
!
interface GigabitEthernet1/0/37
!
interface GigabitEthernet1/0/38
!
interface GigabitEthernet1/0/39
!
interface GigabitEthernet1/0/40
!
interface GigabitEthernet1/0/41
!
interface GigabitEthernet1/0/42
!
interface GigabitEthernet1/0/43
!
interface GigabitEthernet1/0/44
!
interface GigabitEthernet1/0/45
!
interface GigabitEthernet1/0/46
!
interface GigabitEthernet1/0/47
!
interface GigabitEthernet1/0/48
 switchport trunk allowed vlan 10,20
 switchport mode trunk
!
interface GigabitEthernet1/0/49
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface Vlan1
 description Management Vlan Interface
 ip address 192.168.1.50 255.255.255.0
!
ip default-gateway 192.168.1.1
no ip http server
no ip http secure-server
ip sla enable reaction-alerts
banner motd ^C
###############################################################3
                    This is ISP switch
              Unauthorised access is prohibited
###############################################################
^C
!
line con 0
line vty 0 4
 transport preferred none
 transport input telnet ssh
 transport output none
line vty 5 15
!
end
"Lay a firm Foundation with the bricks that others throw at you" ~David Brinkley

ristau5741
Post Whore
Posts:
10618
Joined:
Tue Aug 21, 2007 2:15 pm
Certs:
Instanity

Re: Cant move to enable mode of cisco switch.

Mon May 13, 2013 7:24 am

Probably this part here:
Code:
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
!
Tips of the day:
- The human mind is the ultimate creation invention.
- I have so many customers, my customers have customers.
- Sausage time
- POP, stack, and store

Pasu
New Member
Posts:
23
Joined:
Sun Apr 28, 2013 11:39 pm

Re: Cant move to enable mode of cisco switch.

Mon May 13, 2013 10:18 pm

Thank you...
I used this code before as well and it didn't give any problem, so why is it giving such a problem now? And shouldn't we use this code for remote login? Then why is it giving a problem?
Please help me to understand this...
"Lay a firm Foundation with the bricks that others throw at you" ~David Brinkley

ph0enix
Junior Member
Posts:
89
Joined:
Sat May 11, 2013 1:14 pm
Certs:
CCNA, CCNA Security

Re: Cant move to enable mode of cisco switch.

Mon May 13, 2013 10:48 pm

There is something I don't understand and I wish I am wrong.

AAA authentication on login is awesome, but it's the first time I see "authentication" on the enable level. Isn't that supposed to be authorization? I have never used "authentication enable" before, but I will when I am on my computer. Anyway!

1) Remove the enable secret from the config and add a new one, but make sure you pay attention. You might be missing a capital letter or something similar.

2) Before you do step one, issue the following command and post the output:

#show run | b line


"If at first you don't succeed; call it version 1.0" ~Unknown

Pasu
New Member
Posts:
23
Joined:
Sun Apr 28, 2013 11:39 pm

Re: Cant move to enable mode of cisco switch.

Mon May 13, 2013 10:59 pm

Thank you Phoenix, but as of now everything is working fine, as I did password recovery, but I didn't understand what the cause of the problem was. I just wanted to know that. And about "authorization", I have never used that. I have been using "aaa authentication enable default enable".
It means that if you attempt to get to enable mode, it uses the enable password/secret. But I don't know why it gave a problem this time...
"Lay a firm Foundation with the bricks that others throw at you" ~David Brinkley

ph0enix
Junior Member
Posts:
89
Joined:
Sat May 11, 2013 1:14 pm
Certs:
CCNA, CCNA Security

Cant move to enable mode of cisco switch.

Mon May 13, 2013 11:00 pm

Pasu wrote: aaa authentication enable default enable


Wait a minute, if for the enable you use the enable password, which is stored locally, then why use AAA for it? Just remove that line and try.

If your boss were to notice that, you would be in trouble, as there is no need at all to use AAA for the enable when the method is "enable" itself.


"If at first you don't succeed; call it version 1.0" ~Unknown

ph0enix
Junior Member
Posts:
89
Joined:
Sat May 11, 2013 1:14 pm
Certs:
CCNA, CCNA Security

Re: Cant move to enable mode of cisco switch.

Mon May 13, 2013 11:05 pm

Pasu wrote: Thank you Phoenix, but as of now everything is working fine, as I did password recovery, but I didn't understand what the cause of the problem was. I just wanted to know that. And about "authorization", I have never used that. I have been using "aaa authentication enable default enable".
It means that if you attempt to get to enable mode, it uses the enable password/secret. But I don't know why it gave a problem this time...


No need, just check my above reply.


"If at first you don't succeed; call it version 1.0" ~Unknown

Pasu
New Member
Posts:
23
Joined:
Sun Apr 28, 2013 11:39 pm

Re: Cant move to enable mode of cisco switch.

Mon May 13, 2013 11:18 pm

Do you mean it's "aaa authentication enable default enable" which was giving the problem?
"Lay a firm Foundation with the bricks that others throw at you" ~David Brinkley

cadetalain
Member
Posts:
159
Joined:
Tue Oct 11, 2011 2:05 pm
Certs:
CCNP-CCNA Security-CCNA Voice-CCNA

Re: Cant move to enable mode of cisco switch.

Tue May 14, 2013 2:45 am

If you didn't change this command and it is working now, it shouldn't be. Maybe you had a trailing space in your enable secret password, and as you were not typing it when asked for the password, the hashes were different and you couldn't get to enable mode.

Alain

Pasu
New Member
Posts:
23
Joined:
Sun Apr 28, 2013 11:39 pm

Re: Cant move to enable mode of cisco switch.

Tue May 14, 2013 3:12 am

You are right, Cadetalain, it's working fine without any change, so I also think it should not be the problem. And about a mistake in the password, I was not even asked for a password. When I typed "en", without asking for any password it directly said "%error in authentication".
"Lay a firm Foundation with the bricks that others throw at you" ~David Brinkley

ph0enix
Junior Member
Posts:
89
Joined:
Sat May 11, 2013 1:14 pm
Certs:
CCNA, CCNA Security

Re: Cant move to enable mode of cisco switch.

Tue May 14, 2013 5:35 am

What config is applied to the console line? Just post the config related to the console line.


"If at first you don't succeed; call it version 1.0" ~Unknown

cadetalain
Member
Posts:
159
Joined:
Tue Oct 11, 2011 2:05 pm
Certs:
CCNP-CCNA Security-CCNA Voice-CCNA

Re: Cant move to enable mode of cisco switch.

Tue May 14, 2013 5:41 am

From the previously posted config, the console line has nothing configured, so it is using the AAA default method, which is using the local user database.

Alain

ph0enix
Junior Member
Posts:
89
Joined:
Sat May 11, 2013 1:14 pm
Certs:
CCNA, CCNA Security

Re: Cant move to enable mode of cisco switch.

Tue May 14, 2013 8:09 am

cadetalain wrote: From the previously posted config, the console line has nothing configured, so it is using the AAA default method, which is using the local user database.

Alain


AAA commands must be applied to the line where desired. It is the default indeed, but I still fail to understand why to use the following:

aaa authentication enable default local

That AAA line must be removed.


"If at first you don't succeed; call it version 1.0" ~Unknown

Pasu
New Member
Posts:
23
Joined:
Sun Apr 28, 2013 11:39 pm

Re: Cant move to enable mode of cisco switch.

Thu May 16, 2013 6:01 am

Today I again tried to configure the switch. I logged in through the console and did all the configurations like before, except the enable secret.
And then I tried to telnet to the same switch, but I didn't close my console. When I tried to telnet to the switch I was able to log in but was not able to move to enable mode, and was shown the same msg "error in authentication". Then I went back to the console and put in the enable secret, and then I was able to move to enable mode through telnet.

But in my previous case I don't know what was wrong. There I had the enable secret also...
"Lay a firm Foundation with the bricks that others throw at you" ~David Brinkley
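
An added example, not part of any post in this thread: a small Python check for the kind of running-config posted above. It flags the condition reported in the last post (`aaa authentication enable default enable` with no enable secret or password configured) and three weak settings visible in the posted config (`ip ssh version 1`, telnet allowed on the vty lines, a type 7 user password). The `audit` function, the finding names and the sample config are constructed for illustration.

```python
import re

# Constructed sample: a trimmed config in the style of the one posted above,
# with the enable secret left out (the situation described in the last post).
SAMPLE = """\
hostname Pasang
username test password 7 0000000000
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
ip ssh version 1
line con 0
line vty 0 4
 transport input telnet ssh
"""

def audit(config: str) -> list[str]:
    """Return a list of finding names for an IOS running-config given as text."""
    lines = [l.rstrip() for l in config.splitlines()]
    findings = []
    has_enable_cred = any(re.match(r"enable (secret|password) ", l) for l in lines)
    has_local_user = any(l.startswith("username ") for l in lines)
    for l in lines:
        m = re.match(r"aaa authentication (login|enable) default (.+)", l)
        if not m:
            continue
        kind, methods = m.group(1), m.group(2).split()
        # Only method is "enable" but nothing is configured for it to check against.
        if kind == "enable" and methods == ["enable"] and not has_enable_cred:
            findings.append("enable-auth-no-secret")
        # Only method is "local" but the local user database is empty.
        if kind == "login" and methods == ["local"] and not has_local_user:
            findings.append("login-local-no-user")
    if any(re.match(r"username \S+ password 7 ", l) for l in lines):
        findings.append("type7-user-password")   # reversible encoding, not a hash
    if "ip ssh version 1" in lines:
        findings.append("ssh-v1")                # obsolete protocol version
    if any(re.match(r"\s+transport input .*\btelnet\b", l) for l in lines):
        findings.append("telnet-on-vty")         # credentials cross the wire in clear
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Running it against a saved copy of the config before closing the console session catches the missing enable secret while there is still a way back in.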
