One of the stacked switch goes to enable mode without password (9200L)

szilvia-benyoczki · ‎04-17-2024

Hi,

I have a problem with stacking two cisco 9200L's, after stacking, one of the pair goes straight to privileged exec mode, without enable password, while the other needs password for it. It's not the first time, this occurs, do you have any idea where I am going wrong?

The stacking was successful, config copied to the other switch. The main switch of the two needs enable password, while the other is not. I am not logged in privileged exec mode on the main switch while this.

marce1000 · ‎04-17-2024

- Could you check the config register (setting(s)) on the particular switch ,

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

szilvia-benyoczki · ‎04-18-2024

Hi,

Configuration register is 0x102

Georg Pauwen · ‎04-18-2024

Hello,

odd indeed. Can you post the running config of the 'problem' switch ?

szilvia-benyoczki · ‎04-18-2024

!
enable secret 9 [...]
!
username admin privilege 15 secret 9 [...]
!

MHM Cisco World · ‎04-18-2024

Enable not need if you use

User name with privilege 15

Aaa authz exec defualt local

This make user go directly to level 15 without need to enter enable password

MHM

szilvia-benyoczki · ‎04-18-2024

I don't have aaa authz exec default local line in the config, and by the way, the other switch has the exact same config, and asks for password to go to enable mode, i don't get it.

MHM Cisco World · ‎04-18-2024

If aaa authz not add then check

Privilege 15 <- under vty line

MHM

szilvia-benyoczki · ‎04-18-2024

!
line con 0
exec-timeout 5 0
privilege level 0
logging synchronous
stopbits 1
line aux 0
line vty 0 4
access-class 22 in
exec-timeout 5 0
privilege level 0
logging synchronous
length 0
transport input ssh
line vty 5 15
access-class 22 in
exec-timeout 5 0
privilege level 0
logging synchronous
length 0
transport input ssh
!

this is what I have, but nothing explains why on other switch I need to write password for enable mode, and on only this switch I don't. On edge configurations, I use the very same config (except for the spanning tree config) and just on this stacked one i have the issue, the other switch in the stack is also working like the others, and asks for password.

I even tried to reload the switches, and log in the problematic switch first to see if it will ask for password for first time log in, but no, the other one in the stack works perfectly.

Saubhagya Mishra · ‎04-18-2024

The username is configured with a privilege level of 15, allowing direct access to privileged mode upon successful login without requiring an enable password.

szilvia-benyoczki · ‎04-18-2024

but how is this explaining that on the other switch in the stack I in fact do need to put enable password to go to enable mode?

MHM Cisco World · ‎04-18-2024

share the
debug aaa authentication
debug aaa authorization

for both SW, work fine and not work fine

MHM