Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.
You got a call that a part of a building is down. When you went inside the switch room you found that the A/C was switched off and the room was very hot.
All PCs can "only" ping the management VLAN of the site's access switch (in case you set static IPs for each PC), furthermore; no internet access.
You logged in the switch and noticed that the configuration was changed. After making "show run" and "show startup" you found that the configuration on the RAM do not match the one on the NVRAM.
After solving the issue you asked your colleague to check the TACACS server to get the information of the person who changed the configuration. "No one logged in before the accident, actually no one attempt to login at all", your colleague said.
Your manager got an email from the access control team of the organization that no one was inside the room physically.
Who modified the running-configuration file?
Notice that the SNMP wasn’t active during the period of the accident.
All the best
I'm sorry, this isn't the right answer. Thank you for participating in my post Mr. mohammed yasein
it could be that the last modification made wasn't actually saved or the switch is not configured with AAA
, in some configurations if the connection to the tacacs server was lost the next option for authentication in none , it depends of how the devices are configured