Wednesday, March 3, 2010

Change in behavior of ssh session after IOS upgrade


We upgraded a series of 3560s and 4506s to version 12.2(53)SE and 12.2(53)SG1, respectively. Before the upgrade, we would log in to the switches using an SSH client. We would enter a user ID and password for the initial connection, and then, if we wanted to get into enable mode, we had to enter a separate password. Now, after the upgrade, on the 3560s, we are automatically placed into enable mode after entering the initial user ID/password sequence. There's no need to enter a separate enable password. On the 4506s, the functionality is the same as before the upgrade. Any ideas on what happened and how we might be able to get the 3560s back to the original behavior?

Diagnostic Steps

1) The problem may be with the AAA configuration for enable mode authentication on your switches. The sample configuration below requires enable-level password authentication as well, with a TACACS+ server configured for authentication.

aaa new-model
aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable

2) You can try to add 'aaa new-model' to the configuration
3) You can try to remove the 'password' command from the 'line vty' section.
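
Added example (not part of the original post or of the sources it summarizes): a Python check that reads a saved running-config and reports the three settings the steps above ask about, so the 3560 and 4506 configurations can be compared side by side. The sample config, the function names and the report keys are constructed for illustration.

```python
import re
# Constructed sample running-config for illustration (not from the post).
SAMPLE_CONFIG = """\
hostname sw-example
!
line vty 0 4
 password 7 CONSTRUCTED
 transport input ssh
line vty 5 15
 transport input ssh
!
end
"""

def audit_enable_auth(config_text):
    """Collect the settings the three diagnostic steps ask about."""
    report = {"aaa_new_model": False,   # step 2
              "login_lists": [],        # step 1
              "enable_lists": [],       # step 1
              "vty_with_password": []}  # step 3
    section = None  # the "line vty ..." block being read, if any
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            section = line if line.startswith("line vty") else None
            if line == "aaa new-model":
                report["aaa_new_model"] = True
            elif line.startswith("aaa authentication login "):
                report["login_lists"].append(line)
            elif line.startswith("aaa authentication enable "):
                report["enable_lists"].append(line)
        elif section and re.match(r"\s+password\b", line):
            report["vty_with_password"].append(section)
    return report

def findings(report):
    """List the items to review, one per diagnostic step that applies."""
    out = []
    if not report["aaa_new_model"]:
        out.append("aaa new-model is missing")
    if not report["enable_lists"]:
        out.append("no 'aaa authentication enable' method list")
    out += [f"'{v}' has a line password" for v in report["vty_with_password"]]
    return out

if __name__ == "__main__":
    print("\n".join(findings(audit_enable_auth(SAMPLE_CONFIG))))
```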

Citation - This blog post does not reflect original content from the author. Rather, it summarizes content relevant to the topic from different sources on the web. The sources might include online discussion boards, forums, websites and others.
