Re: Odd behavior on switch console

From: Omkar Tambalkar (omkar.groupstudy@gmail.com)
Date: Wed Nov 12 2008 - 05:55:56 ARST

• Next message: Michael Dorion: "Re: Link group tracking on switches and other strange"
• Previous message: Omkar Tambalkar: "Link group tracking on switches and other strange"
• Maybe in reply to: Kelvin Yeo: "Odd behavior on switch console"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Correct me if I am wrong but when you enable AAA and configure login
authentication and authorization exec there may be a hidden command
configured "aaa authorization console" and there is no method configured for
the default authorization so you are not getting a login prompt.
Can you configure aaa authentication login default local none / aaa
authorization exec default local none and then configure local username
password and see if you get access?
Otherwise there is always password-recovery to ignore the configuration and
make changes to the startup-config.

- Omkar

On Tue, Nov 11, 2008 at 12:04 PM, Kelvin Yeo <kelvinyeo24@yahoo.com.sg>wrote:

> Hi GS,
>
>
>
> I have this odd behavior whenever we console access into a switch, the
> screen is always "scrolling" and it does not allow the keying in of
> username/password. There is no configuration in the line console 0 and the
> screen stops "scrolling" once the connection to TACACS is disconnected.
>
>
>
> This is my config:
>
>
>
> aaa new-model
>
> aaa authentication login comein group tacacs+ local
>
> aaa authentication enable default group tacacs+ enable
>
> aaa authorization exec default group tacacs+ none
>
> aaa authorization commands 15 default group tacacs+ none
>
> aaa accounting exec default start-stop group tacacs+
>
> aaa accounting commands 15 default start-stop group tacacs+
>
>
>
> tacacs-server host 1.1.1.1 single-connection timeout 5 key 7 x
>
> tacacs-server host 1.1.1.2 single-connection timeout 5 key 7 x
>
> no tacacs-server directed-request
>
> radius-server source-ports 1645-1646
>
>
>
> line con 0
>
> transport preferred none
>
> line vty 0 4
>
> login authentication comein
>
> transport input telnet
>
> line vty 5 15
>
> exec-timeout 5 0
>
> login authentication comein
>
> transport input telnet
>
>
>
> Could this be due to the console, unable to source for a aaa authentication
> method?
>
>
>
> Rdgs,
>
> Yeo
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: Michael Dorion: "Re: Link group tracking on switches and other strange"
• Previous message: Omkar Tambalkar: "Link group tracking on switches and other strange"
• Maybe in reply to: Kelvin Yeo: "Odd behavior on switch console"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:30 ARST