Cannot establish connection/local authorization on 6500's

I have a need to allow a small group of level-15 users temporary access to several 6500 switches (running 12.2(33)SXJ2 code), but do not want to provide the enable secret password that is used on the rest of the network (over 1200 devices).  I tried to eliminate AAA using the command "no aaa new-model", but I was told that I could not remove AAA while there are active sessions, and 'local connection' appeared more as an option for the vty lines.  So, I created a local user database, called 'support', that I used to replace the 'group' entry in the authentication and authorization sections of our AAA config and the login on vty 0 4.

[The username is given a privilege level of 15 with an individual password for authentication.  (e.g. username jsmith privilege 15 password 0 xxxxx)]

I changed our AAA configuration to support the local login, but could not establish a "mode" (i.e. the # prompt) with any account.  I can log on locally, but only to a normal "user mode" (i.e. the > prompt).

Here is the current config, modified and sanitized, for our AAA sections and line vty 0 4.  Please tell me what needs to stay, and what needs to go.  Thank you!

P.S.: For reasons of security, we want to track individual activity, so we need the AAA accounting part to stay.

aaa new-model
aaa group server tacacs+ XXXXXX
 server xxx.xxx.xxx.xxx
 server xxx.xxx.xxx.xxx
!
aaa authentication login default group XXXXXX enable
aaa authentication enable default
aaa authorization exec default group XXXXXX none
aaa authorization commands 15 default if-authenticated
aaa authorization network default group XXXXXX none
aaa authorization network MLPPP-PPP none
aaa authorization network MLPPP none
aaa accounting exec default start-stop group XXXXXX
aaa accounting commands 15 default start-stop group XXXXXX
aaa accounting network default start-stop group XXXXXX
aaa accounting connection default start-stop group XXXXXX
aaa accounting system default start-stop group XXXXXX
!
line vty 0 4
 access-class 75
 exec-timeout 15 0
 privilege level 0
 password 7 xxxxxxxxxxxxxxxxxxx
 transport input ssh

I'll probably need more information before I can provide more help, but from what I see in the snippet, you have configured AAA and your AAA server is a TACACS+ server. If this is the case you should keep in mind the following:

1. If the authentication/authorization commands refer to the TACACS+ group then you will need to add a 'local' at the end of the command. This will allow local accounts to be used when the AAA server is down/unavailable.

2. Keep in mind that local users will ONLY be used when the AAA server is down/unavailable. You cannot have a mixture of the two.

Question: since you have a TACACS+ server, why don't you just create temporary accounts directly on the TACACS+ server instead of local accounts? You can get very granular like that and not allow some commands on some devices, during a certain time of day, etc...

I hope this helps and thank you for the rating!

Tags: Cisco Security
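
The fallback rule described in the answer above, as an added example that is not part of the original thread: a small Python model that parses `aaa` method lists, flags those that query a server group with no `local` fallback, and shows that `local` is reached only when the server group does not answer. The sample config, the `LOCAL_USERS` table and all function names are constructed for illustration.

```python
import re

# Constructed sample config, reusing the page's sanitized group name XXXXXX.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group XXXXXX local
aaa authorization exec default group XXXXXX none
aaa authorization commands 15 default if-authenticated
"""

# Constructed local user database: username -> privilege level.
LOCAL_USERS = {"jsmith": 15}

LINE_RE = re.compile(
    r"^aaa (authentication|authorization) (\S+)(?: (\d+))? (\S+) (.+)$")


def parse_method_lists(config):
    """Map e.g. 'authentication login default' to its ordered method list."""
    lists = {}
    for line in config.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind, service, level, name, rest = m.groups()
        tokens, methods = rest.split(), []
        while tokens:
            tok = tokens.pop(0)
            if tok == "group" and tokens:
                methods.append(("group", tokens.pop(0)))
            else:
                methods.append((tok, None))
        key = " ".join(p for p in (kind, service, level, name) if p)
        lists[key] = methods
    return lists


def lists_without_local_fallback(lists):
    """Method lists that query a server group but never name 'local'."""
    return sorted(key for key, methods in lists.items()
                  if any(m == "group" for m, _ in methods)
                  and not any(m == "local" for m, _ in methods))


def authenticate(methods, user, server_up, server_users):
    """Walk a login method list and return (deciding_method, accepted).

    The next method is tried only when the current one cannot answer
    (server unreachable); a reject from a reachable server is final.
    Only group/local/none are modelled here.
    """
    for method, _arg in methods:
        if method == "group":
            if server_up:
                return "group", user in server_users
            continue  # no response: fall through to the next method
        if method == "local":
            return "local", user in LOCAL_USERS
        if method == "none":
            return "none", True
    return None, False


if __name__ == "__main__":
    lists = parse_method_lists(SAMPLE_CONFIG)
    print("no local fallback:", lists_without_local_fallback(lists))
    login = lists["authentication login default"]
    for up in (True, False):
        print("server_up=%s ->" % up, authenticate(login, "jsmith", up, set()))
```

With the server reachable, a user who exists only in the local database is rejected by the group method and `local` is never consulted, which is the "no mixture of the two" point in the answer.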
