«

I have a really weired problem with one of my switches.

I have removed the "privilege level 15" line from my vty 0-4, saved the
changes and exited the switch. When I try to login to the switch
immediately after that, it logs me in in user exec mode (which is
expected and desired), to my surprise logging in few hours later logs me
in directly to the privileged mode. When I list the running
configuration I can see that the "privilege level 15" line is back in
the vty 0-4 configuration section. I am 100% sure that no one logs into
this switch and changes the running configuration. Any idea what is
happening here?
I am about to start believing in smurfs

Thanks,
AL

On Jan 23, 7:44 pm, "a...@vp.pl" <a...@vp.pl> wrote:
> I have a really weired problem with one of my switches.
>
> I have removed the "privilege level 15" line from my vty 0-4, saved the
> changes and exited the switch. When I try to login to the switch
> immediately after that, it logs me in in user exec mode (which is
> expected and desired), to my surprise logging in few hours later logs me
> in directly to the privileged mode. When I list the running
> configuration I can see that the "privilege level 15" line is back in
> the vty 0-4 configuration section. I am 100% sure that no one logs into
> this switch and changes the running configuration. Any idea what is
> happening here?
> I am about to start believing in smurfs
>
> Thanks,
> AL

Did you save it? Did it reload?

Trendkill wrote:
> Did you save it? Did it reload?

Yes, I did save it and the switch did not reload. I am 100% sure of
that. That's why I am loosing my mind and start seeing smurfs

On Jan 23, 9:52 pm, "a...@vp.pl" <a...@vp.pl> wrote:
> Trendkill wrote:
> > Did you save it? Did it reload?
>
> Yes, I did save it and the switch did not reload. I am 100% sure of
> that. That's why I am loosing my mind and start seeing smurfs

Do you have tacacs or some sort of aaa setup? Please paste the config
with passwords and other confidential information omitted.

Trendkill wrote:
> Do you have tacacs or some sort of aaa setup? Please paste the config
> with passwords and other confidential information omitted.

Yes, I have tacacs configured on this switch. Here is the relevant info:

aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa accounting exec default start-stop group tacacs+
aaa session-id common
tacacs-server host 192.168.11.7
tacacs-server host 192.168.11.8

On Jan 24, 7:35 am, "a...@vp.pl" <a...@vp.pl> wrote:
> Trendkill wrote:
> > Do you have tacacs or some sort of aaa setup? Please paste the config
> > with passwords and other confidential information omitted.
>
> Yes, I have tacacs configured on this switch. Here is the relevant info:
>
> aaa new-model
> aaa authentication login default group tacacs+ local
> aaa authentication enable default group tacacs+ enable
> aaa accounting exec default start-stop group tacacs+
> aaa session-id common
> tacacs-server host 192.168.11.7
> tacacs-server host 192.168.11.8

Ok, this looks good, and you don't have this applied on the vtys at
all? Do you have privilege level 15 setup for the group that your ID
is in in tacacs? I guess all of this may be moot if you are saying
that the command got re-put in. At its base, either you put it in on
a different device (i know, dumb statement), it got reverted on reboot
if you didn't save, someone else put the config back, or tacacs is
overriding regardless. I guess you could have Ciscoworks or something
that is overwriting the config, but you would probably know that if
you had something like that setup. Anything in the logs about changed
config?

Trendkill wrote:
> Ok, this looks good, and you don't have this applied on the vtys at
> all? Do you have privilege level 15 setup for the group that your ID
> is in in tacacs? I guess all of this may be moot if you are saying
> that the command got re-put in. At its base, either you put it in on
> a different device (i know, dumb statement), it got reverted on reboot
> if you didn't save, someone else put the config back, or tacacs is
> overriding regardless. I guess you could have Ciscoworks or something
> that is overwriting the config, but you would probably know that if
> you had something like that setup. Anything in the logs about changed
> config?

Thanks for your response. Yes, these are not applied on my VTYs. This is
the only switch which shows this extremely bizarre behavior using the
same TACACs server as around 50 other routers and switches. So I believe
there is no problem on the TACACs server side. I do not use Ciscoworks
and as mentioned earlier I am 100% sure that I have saved the changes
and the switch did not reboot. I will monitor the logs and hopefully
find the reason of this behavior. Thanks for your input.

AL